CVE-2017-15108

CVE-2017-15108

Vendor Red Hat, Inc.

Product spice-vdagent

Weakness CWE-78

Published January 20, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

Key dates

02Disclosure timeline

January 20, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-15108 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE