CVE-2021-20201 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Denial of service
Description	An issue was discovered in SPICE server before version 0.15.0. There is a vulnerability which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1239	spice	0.14.3-3	0.15.0-1	Critical	Fixed	FS#68166

Date	Advisory	Group	Package	Severity	Type
06 Jul 2021	ASA-202107-12	AVG-1239	spice	Critical	multiple issues

References
https://bugzilla.redhat.com/show_bug.cgi?id=1921846 https://gitlab.freedesktop.org/spice/spice/-/issues/49 https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150 https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9 https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921846
https://gitlab.freedesktop.org/spice/spice/-/issues/49
https://gitlab.freedesktop.org/spice/spice/-/merge_requests/150
https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749