CVE-2020-14355 - log back

CVE-2020-14355 edited at 10 Oct 2020 13:48:54
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. More specifically, these flaws reside in the spice-common shared code between the client and server of SPICE. In other words, both the client (spice-gtk) and server are affected by these flaws. A malicious client or server could send specially crafted messages which could result in a process crash or potential code execution scenario.
References
+ https://www.openwall.com/lists/oss-security/2020/10/06/10
+ https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0aba
+ https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d7478
+ https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7
+ https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b6
Notes
CVE-2020-14355 created at 10 Oct 2020 13:48:07