aosc-os-abbs icon indicating copy to clipboard operation
aosc-os-abbs copied to clipboard

Published 20 hours ago verified publisher icon AOSC-Dev

usbredir: Use-after-free (CVE-2021-3700)

Open CamberLoid opened this issue 1 year ago • 0 comments

CVE IDs

CVE-2021-3700

Other security advisory IDs

  • Debian: https://security-tracker.debian.org/tracker/DLA-2958-1
  • Ubuntu: https://ubuntu.com/security/notices/USN-5784-1

Description

It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary code.

Patches

  • https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab
  • Or update to version 0.11.0 or later (latest is 0.13.0)

PoC(s)

N/A

CamberLoid avatar Jun 14 '23 07:06 CamberLoid