Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2021-20201

Published: 28 May 2021

A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.

Notes

AuthorNote
leosilva
Issues that touch python_modules for spice in Xenial
need to be addressed in spice-protocol.

Priority

Low

Cvss 3 Severity Score

5.3

Score breakdown

Status

Package Release Status
spice
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Ignored
(end of life)
trusty Needs triage

upstream Needs triage

hirsute Ignored
(end of life)
xenial Needs triage

kinetic Ignored
(end of life, was needed)
impish Ignored
(end of life)
jammy Needed

lunar Needed

mantic Needed

Patches:
upstream: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
upstream: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
spice-gtk
Launchpad, Ubuntu, Debian
trusty Does not exist

upstream Needs triage

bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
mantic Not vulnerable
(code not present)
spice-protocol
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

trusty Does not exist

upstream Not vulnerable

xenial Not vulnerable

impish Not vulnerable

jammy Not vulnerable

kinetic Not vulnerable

lunar Not vulnerable

mantic Not vulnerable

Severity score breakdown

Parameter Value
Base score 5.3
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L