CVE-2020-14355 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2020-14355?

CVE-2020-14355 is a moderate severity vulnerability in the QUIC image decoding process of the SPICE remote display system, affecting both the SPICE client and server. Versions of the SPICE remote display system before spice-0.14.2-1 are susceptible. Multiple buffer overflow vulnerabilities were discovered, which could result in a process crash or potential code execution if a malicious client or server sends specially crafted messages.

Who is impacted by this?

Affected users include openSUSE Leap 15.2 users running a spice-gtk version prior to the security update (0.37-lp152.2.3.1). The flaw involves multiple buffer overflow vulnerabilities in the QUIC image decoding process, impacting both the SPICE client and server.

What should I do if I’m affected?

If you're affected by the CVE-2020-14355 vulnerability, it's crucial to update your SPICE remote display system to the latest version. Here are the steps to follow:

  1. For openSUSE Leap 15.2 users, install the security update using YaST online_update or "zypper patch". Alternatively, run the command: zypper in -t patch openSUSE-2020-1803=1. See the openSUSE Security Update for more details.

  2. For Debian 9 stretch users, upgrade spice packages to version 0.12.8-2.1+deb9u4. Refer to the Debian Security Update for more information.
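
To confirm that step 2 has taken effect across several hosts, the following added example (not from the advisory or the SPICE project) compares collected package versions against the fixed Debian 9 version using dpkg's version-ordering rules. The package names and the inventory text are constructed assumptions; only the fixed version string comes from the text above.

```python
import re

FIXED_DEB9 = "0.12.8-2.1+deb9u4"  # fixed Debian 9 version given in step 2
_CHUNK = re.compile(r"([^0-9]*)([0-9]*)")

def _order(c):
    # dpkg weights: '~' < end of string < letters < other symbols
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    while a or b:
        ma, mb = _CHUNK.match(a), _CHUNK.match(b)
        na, nb = ma.group(1), mb.group(1)
        for k in range(max(len(na), len(nb))):
            oa = _order(na[k] if k < len(na) else "")
            ob = _order(nb[k] if k < len(nb) else "")
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = int(ma.group(2) or 0), int(mb.group(2) or 0)
        if da != db:
            return -1 if da < db else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, colon, rest = v.partition(":")
    if not colon:
        epoch, rest = "0", v
    upstream, dash, rev = rest.rpartition("-")
    if not dash:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def deb_compare(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, packages, fixed=FIXED_DEB9):
    # inventory: "name version" lines; returns (name, version) pairs older than fixed.
    rows = (line.split() for line in inventory.splitlines())
    return [tuple(r) for r in rows
            if len(r) == 2 and r[0] in packages and deb_compare(r[1], fixed) < 0]

# Constructed sample inventory; package names are assumptions for illustration.
SAMPLE = "libspice-server1 0.12.8-2.1+deb9u3\nlibspice-server-dev 0.12.8-2.1+deb9u4\nbash 4.4-5\n"
```

On a single Debian host, dpkg --compare-versions performs the same comparison directly.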

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2020-14355 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, discovered in October 2020, involves multiple buffer overflow issues in the QUIC image decoding process of the SPICE remote display system. Both the client and server are affected, potentially leading to a process crash or code execution when malicious messages are sent. To address this vulnerability, users should update their SPICE remote display system to the latest version.

Weakness Enumeration

This vulnerability is classified as CWE-120, reflecting the multiple buffer overflow issues in the QUIC image decoding process of the SPICE remote display system.

Learn More

CVE-2020-14355 is a buffer overflow vulnerability in the QUIC image decoding process of the SPICE remote display system, affecting both the client and server. To protect your system, update to the latest version and follow security guidelines. For more information, visit the NVD page or refer to the sources below.
