{
  "threat_severity" : "Moderate",
  "public_date" : "2017-02-06T00:00:00Z",
  "bugzilla" : {
    "description" : "spice: Remote DoS via crafted message",
    "id" : "1399566",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1399566"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1286",
  "details" : [ "A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.", "A vulnerability was discovered in SPICE in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash." ],
  "acknowledgement" : "This issue was discovered by Frediano Ziglio (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-02-06T00:00:00Z",
    "advisory" : "RHSA-2017:0253",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "spice-server-0:0.12.4-13.el6_8.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-02-06T00:00:00Z",
    "advisory" : "RHSA-2017:0254",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "spice-0:0.12.4-20.el7_3"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2017-03-16T00:00:00Z",
    "advisory" : "RHSA-2017:0549",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "imgbased-0:0.8.16-0.1.el7ev"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2017-03-16T00:00:00Z",
    "advisory" : "RHSA-2017:0549",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-release-virtualization-host-0:4.0-7.1.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2017-03-16T00:00:00Z",
    "advisory" : "RHSA-2017:0549",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.0-20170307.1"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2017-03-16T00:00:00Z",
    "advisory" : "RHSA-2017:0552",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "rhevm-appliance-0:20170307.0-1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "distribution",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-9578\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9578" ],
  "name" : "CVE-2016-9578",
  "csaw" : false
}