FreeBSDFFA15B3B-E6F6-11EA-8CBF-54E1AD3D6335xorg-server -- Multiple input validation failures in X server extensions
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
20.2%
The X.org project reports:
All theses issuses can lead to local privileges elevation on
systems where the X server is running privileged.
The handler for the XkbSetNames request does not validate the
request length before accessing its contents.
An integer underflow exists in the handler for the
XIChangeHierarchy request.
An integer underflow exist in the handler for the XkbSelectEvents
request.
An integer underflow exist in the handler for the CreateRegister
request of the X record extension.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | xorg-server | < 1.20.8_4,1 | UNKNOWN |
| FreeBSD | any | noarch | xephyr | < 1.20.8_4,1 | UNKNOWN |
| FreeBSD | any | noarch | xorg-vfbserver | < 1.20.8_4,1 | UNKNOWN |
| FreeBSD | any | noarch | xorg-nestserver | < 1.20.8_4,1 | UNKNOWN |
| FreeBSD | any | noarch | xwayland | < 1.20.8_4,1 | UNKNOWN |
| FreeBSD | any | noarch | xorg-dmx | < 1.20.8_4,1 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
20.2%