Search for vulnerabilities
Vulnerability details: VCID-3rsq-b4bk-aaah
Vulnerability ID VCID-3rsq-b4bk-aaah
Aliases CVE-2013-4282
Summary Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121 Stack-based Buffer Overflow
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4282.html
generic_textual Medium http://rhn.redhat.com/errata/RHSA-2013-1460.html
generic_textual Medium http://rhn.redhat.com/errata/RHSA-2013-1473.html
generic_textual Medium http://rhn.redhat.com/errata/RHSA-2013-1474.html
rhas Important https://access.redhat.com/errata/RHSA-2013:1460
rhas Important https://access.redhat.com/errata/RHSA-2013:1473
rhas Important https://access.redhat.com/errata/RHSA-2013:1474
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.01094 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.02619 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.07938 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.07938 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.07938 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.07938 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
epss 0.08411 https://api.first.org/data/v1/epss?cve=CVE-2013-4282
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1000443
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4130
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2013-4282
generic_textual Medium https://ubuntu.com/security/notices/USN-2027-1
Reference id Reference type URL
http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-4282.html
http://rhn.redhat.com/errata/RHSA-2013-1460.html
http://rhn.redhat.com/errata/RHSA-2013-1473.html
http://rhn.redhat.com/errata/RHSA-2013-1474.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4282.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://ubuntu.com/security/notices/USN-2027-1
http://www.debian.org/security/2014/dsa-2839
http://www.securityfocus.com/bid/63408
http://www.ubuntu.com/usn/USN-2027-1
1000443 https://bugzilla.redhat.com/show_bug.cgi?id=1000443
728314 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728314
cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:spice_project:spice:0.12.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVE-2013-4282 https://nvd.nist.gov/vuln/detail/CVE-2013-4282
RHSA-2013:1460 https://access.redhat.com/errata/RHSA-2013:1460
RHSA-2013:1473 https://access.redhat.com/errata/RHSA-2013:1473
RHSA-2013:1474 https://access.redhat.com/errata/RHSA-2013:1474
USN-2027-1 https://usn.ubuntu.com/2027-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-4282
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.75972
EPSS Score 0.01094
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.