1. Home
  2. CVE Database
  3. CVE-2016-0749
CRITICAL · 9.8

CVE-2016-0749

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, whi...

Vulnerability Description

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
OpensuseLeap42.1
OpensuseOpensuse13.2
DebianDebian Linux8.0
RedhatEnterprise Linux6.0
RedhatEnterprise Linux Desktop6.0
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Workstation6.0
MicrosoftWindowsAll versions
RedhatEnterprise Linux Hpc Node Eus7.2
RedhatEnterprise Linux Server Aus7.2
RedhatEnterprise Linux Server Eus7.2
Spice ProjectSpice-

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2016-0749?

CVE-2016-0749 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, whi...

How severe is CVE-2016-0749?

CVE-2016-0749 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-0749?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.