Lucene search

[email protected]CVE-2014-8101

HistoryDec 10, 2014 - 3:59 p.m.

CVE-2014-8101

2014-12-1015:59:00

CWE-119

[email protected]

web.nvd.nist.gov

randr extension

xfree86

x.org x window system

x11

x server

cve-2014-8101

vulnerability

denial of service

arbitrary code execution

security advisory

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

CPENameOperatorVersion
x.org:xfree86x.org xfree86eq4.2.0
x.org:xorg-serverx.org xorg-serverle1.16.2.99.901
x.org:x11x.org x11eq6.7

CPE	Name	Operator	Version
x.org:xfree86	x.org xfree86	eq	4.2.0
x.org:xorg-server	x.org xorg-server	le	1.16.2.99.901
x.org:x11	x.org x11	eq	6.7

References

advisories.mageia.org/MGASA-2014-0532.html

secunia.com/advisories/61947

secunia.com/advisories/62292

www.debian.org/security/2014/dsa-3095

www.mandriva.com/security/advisories?name=MDVSA-2015:119

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/71605

www.x.org/wiki/Development/Security/Advisory-2014-12-09/

security.gentoo.org/glsa/201504-06

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2014-8101

prion1 veracode1 cvelist1 debiancve1 ubuntucve1 nessus22 redhat2 centos2 openvas15 osv1 freebsd1 ibm1 debian2 mageia1 oraclelinux2 suse1 securityvulns2 amazon1 archlinux1 gentoo1 slackware1 ubuntu1 fedora3 oracle1