The (1) redchannelpipesaddtype and (2) redchannelpipesaddemptymsg functions in server/redchannel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libspice-server-dev", "binary_version": "0.12.4-0nocelt1" }, { "binary_name": "libspice-server1", "binary_version": "0.12.4-0nocelt1" }, { "binary_name": "spice-client", "binary_version": "0.12.4-0nocelt1" } ] }