High severity8.3NVD Advisory· Published Aug 17, 2018· Updated Jun 17, 2026
CVE-2018-10873
CVE-2018-10873
Description
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- osv-coords26 versionspkg:rpm/opensuse/spice&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/spice-gtk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/spice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/spice&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/spice-gtk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/spice-gtk&distro=SUSE%20OpenStack%20Cloud%207
< 0.15.0-1.3+ 25 more
- (no CPE)range: < 0.15.0-1.3
- (no CPE)range: < 0.39-1.8
- (no CPE)range: < 0.12.8-6.1
- (no CPE)range: < 0.14.0-4.3.1
- (no CPE)range: < 0.12.4-15.1
- (no CPE)range: < 0.12.7-10.9.1
- (no CPE)range: < 0.12.7-10.9.1
- (no CPE)range: < 0.12.8-6.1
- (no CPE)range: < 0.12.4-8.18.1
- (no CPE)range: < 0.12.4-15.1
- (no CPE)range: < 0.12.7-10.9.1
- (no CPE)range: < 0.12.8-6.1
- (no CPE)range: < 0.12.4-15.1
- (no CPE)range: < 0.12.8-6.1
- (no CPE)range: < 0.12.7-10.9.1
- (no CPE)range: < 0.33-3.6.1
- (no CPE)range: < 0.34-3.3.1
- (no CPE)range: < 0.34-3.3.1
- (no CPE)range: < 0.31-9.10.1
- (no CPE)range: < 0.31-9.10.1
- (no CPE)range: < 0.33-3.6.1
- (no CPE)range: < 0.25-5.3.1
- (no CPE)range: < 0.31-9.10.1
- (no CPE)range: < 0.33-3.6.1
- (no CPE)range: < 0.33-3.6.1
- (no CPE)range: < 0.31-9.10.1
- Range: 0.14.1
Patches
Vulnerability mechanics
References
11- gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42cnvdPatchThird Party Advisory
- www.securityfocus.com/bid/105152nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:2731nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2732nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3470nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/08/msg00035.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/08/msg00037.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/08/msg00038.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3751-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4319nvdThird Party Advisory
News mentions
0No linked articles in our index yet.