Search for vulnerabilities
Vulnerability details: VCID-xngp-n9hs-aaag
Vulnerability ID VCID-xngp-n9hs-aaag
Aliases CVE-2020-14355
Summary Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2020:4184
rhas Important https://access.redhat.com/errata/RHSA-2020:4185
rhas Important https://access.redhat.com/errata/RHSA-2020:4186
rhas Important https://access.redhat.com/errata/RHSA-2020:4187
cvssv3 6.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14355.json
epss 0.00150 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00150 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00150 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00150 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01313 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.01839 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.0185 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.0185 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.0185 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
epss 0.02076 https://api.first.org/data/v1/epss?cve=CVE-2020-14355
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1868435
cvssv3.1 6.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14355
cvssv3 6.6 https://nvd.nist.gov/vuln/detail/CVE-2020-14355
cvssv3.1 6.6 https://nvd.nist.gov/vuln/detail/CVE-2020-14355
archlinux Critical https://security.archlinux.org/AVG-1239
archlinux Critical https://security.archlinux.org/AVG-2134
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14355.json
https://api.first.org/data/v1/epss?cve=CVE-2020-14355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14355
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html
https://usn.ubuntu.com/4572-1/
https://usn.ubuntu.com/4572-2/
https://www.debian.org/security/2020/dsa-4771
https://www.openwall.com/lists/oss-security/2020/10/06/10
1868435 https://bugzilla.redhat.com/show_bug.cgi?id=1868435
971750 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971750
ASA-202107-12 https://security.archlinux.org/ASA-202107-12
AVG-1239 https://security.archlinux.org/AVG-1239
AVG-2134 https://security.archlinux.org/AVG-2134
cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:16.1:*:*:*:*:*:*:*
cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:spice_project:spice:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
CVE-2020-14355 https://nvd.nist.gov/vuln/detail/CVE-2020-14355
RHSA-2020:4184 https://access.redhat.com/errata/RHSA-2020:4184
RHSA-2020:4185 https://access.redhat.com/errata/RHSA-2020:4185
RHSA-2020:4186 https://access.redhat.com/errata/RHSA-2020:4186
RHSA-2020:4187 https://access.redhat.com/errata/RHSA-2020:4187
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14355.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14355
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14355
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14355
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.51482
EPSS Score 0.00150
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.