CVE-2021-20201 log

Source
Severity Low
Remote Yes
Type Denial of service
Description
An issue was discovered in spice version 0.14.91 and before. There is a DoS Vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Group Package Affected Fixed Severity Status Ticket
AVG-1239 spice 0.14.3-3 Critical Vulnerable FS#68166
References
https://bugzilla.redhat.com/show_bug.cgi?id=1921846
https://gitlab.freedesktop.org/spice/spice/-/issues/49
https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749