[3.8] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other impacts.
(from redmine: issue id 9307, created on 2018-08-21, closed on 2018-11-08)
- Revision 03fec458 on 2018-11-07T13:47:26Z:
main/spice: security upgrade to 0.14.1 (CVE-2018-10873) Fixes #9307