Description

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service (DoS) for the virtual machine. This issue requires the SPICE host to be untrusted or compromised for exploitation.

Severity (CVSS)

Base score5.1
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Provided byCNA

Weaknesses

  • CWE-190 — Integer Overflow or Wraparound

Affected products

VendorProductVersions
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 9

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 30 Jun 2026 07:04 UTC.