Lucene search

[email protected]CVE-2020-14344

HistoryAug 05, 2020 - 2:15 p.m.

CVE-2020-14344

2020-08-0514:15:00

CWE-190

[email protected]

web.nvd.nist.gov

305

cve-2020-14344

integer overflow

heap-buffer overflow

x input method

xim client

libx11

security vulnerability

nvd

red hat enterprise linux

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

18.8%

JSON

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

VendorProductVersionCPE
x.orglibx11*cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x.org	libx11	*	cpe:2.3:a:x.org:libx11::::::::

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/

lists.x.org/archives/xorg-announce/2020-July/003050.html

security.gentoo.org/glsa/202008-18

usn.ubuntu.com/4487-1/

usn.ubuntu.com/4487-2/

www.openwall.com/lists/oss-security/2020/07/31/1

Social References

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

18.8%

JSON

Related for CVE-2020-14344

veracode1 nessus37 openvas30 suse4 alpinelinux1 debian1 osv5 mageia1 debiancve1 ubuntucve1 prion1 redhatcve1 freebsd1 amazon1 fedora3 gentoo1 redos13 ubuntu2 cloudfoundry1 oraclelinux1 redhat5 rocky1 almalinux1 ibm1