Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-31080HistoryApr 04, 2024 - 2:15 p.m.
CVE-2024-31080
2024-04-0414:15:10
Debian Security Bug Tracker
security-tracker.debian.org
12
x.org
buffer over-read
heap-based
memory leakage
segmentation faults
byte-swapped
endianness
x server
out-of-bounds reads
0.0005 Low
EPSS
Percentile
16.7%
A heap-based buffer over-read vulnerability was found in the X.org server’s ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker’s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | xorg-server | < 2:21.1.7-3+deb12u7 | xorg-server_2:21.1.7-3+deb12u7_all.deb |
| Debian | 11 | all | xorg-server | < 2:1.20.11-1+deb11u13 | xorg-server_2:1.20.11-1+deb11u13_all.deb |
| Debian | 10 | all | xorg-server | < 2:1.20.4-1+deb10u14 | xorg-server_2:1.20.4-1+deb10u14_all.deb |
| Debian | 999 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
| Debian | 13 | all | xorg-server | < 2:21.1.11-3 | xorg-server_2:21.1.11-3_all.deb |
| Debian | 12 | all | xwayland | <= 2:22.1.9-1 | xwayland_2:22.1.9-1_all.deb |
| Debian | 999 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |
| Debian | 13 | all | xwayland | < 2:23.2.6-1 | xwayland_2:23.2.6-1_all.deb |
Related
cve
cve
CVE-2024-31080
2024-04-04 14:15:10
cvelist
cvelist
wolfi
wolfi
CVE-2024-31080 vulnerabilities
2024-06-02 09:07:39
veracode
veracode
Buffer Over-read
2024-04-11 02:44:05
redhatcve
redhatcve
CVE-2024-31080
2024-04-04 08:37:31
cgr
cgr
CVE-2024-31080 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2024-31080
2024-03-04 00:00:00
alpinelinux
alpinelinux
CVE-2024-31080
2024-04-04 14:15:10
nessus
nessus
Oracle Linux 7 : tigervnc (ELSA-2024-2080)
2024-04-29 00:00:00
Fedora 38 : xorg-x11-server-Xwayland (2024-1706127797)
2024-04-24 00:00:00
RHEL 9 : tigervnc (RHSA-2024:2616)
2024-04-30 00:00:00
redhat
redhat
(RHSA-2024:2080) Important: tigervnc security update
2024-04-29 01:07:43
(RHSA-2024:3261) Important: tigervnc security update
2024-05-22 10:41:22
(RHSA-2024:3258) Moderate: xorg-x11-server security update
2024-05-22 10:41:21
freebsd
freebsd
xorg server -- Multiple vulnerabilities
2024-04-03 00:00:00
oraclelinux
oraclelinux
X.Org server security update
2024-04-11 00:00:00
tigervnc security update
2024-04-24 00:00:00
tigervnc security update
2024-04-29 00:00:00
amazon
amazon
Important: xorg-x11-server
2024-04-11 01:07:00
Important: tigervnc
2024-04-11 01:07:00
openvas
openvas
Debian: Security Advisory (DLA-3787-1)
2024-04-15 00:00:00
Debian: Security Advisory (DSA-5657-1)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0121)
2024-04-12 00:00:00
osv
osv
xorg-server - security update
2024-04-12 00:00:00
Important: tigervnc security update
2024-05-10 14:32:42
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
almalinux
almalinux
Important: tigervnc security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-30 00:00:00
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
rocky
rocky
tigervnc security update
2024-05-10 14:32:42
tigervnc security update
2024-05-06 13:04:21
debian
debian
[SECURITY] [DSA 5657-1] xorg-server security update
2024-04-12 20:32:08
[SECURITY] [DLA 3787-1] xorg-server security update
2024-04-15 13:23:10
mageia
mageia
ubuntu
ubuntu
X.Org X Server regression
2024-04-09 00:00:00
X.Org X Server vulnerabilities
2024-04-04 00:00:00
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
slackware
slackware
[slackware-security] xorg-server
2024-04-03 22:25:44
[slackware-security] tigervnc
2024-04-05 20:14:40