CVE-2022-46341

2022-12-1421:15:13

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CPENameOperatorVersion
xservereqDomain-sync3
xservereqxorg-server-1.9.0
xservereqxf-4_2_0-bindist-1
xservereqxorg-server-1.19.99.905
xservereqDomain-sync1
xservereqxf-4_0f
xservereqxorg-server-1.11.99.903
xservereqxorg-server-1.12.99.905
xservereqxf-3_9_17e
xservereqxf-4_0_2

Name	Operator	Version
xserver	eq	Domain-sync3
xserver	eq	xorg-server-1.9.0
xserver	eq	xf-4_2_0-bindist-1
xserver	eq	xorg-server-1.19.99.905
xserver	eq	Domain-sync1
xserver	eq	xf-4_0f
xserver	eq	xorg-server-1.11.99.903
xserver	eq	xorg-server-1.12.99.905
xserver	eq	xf-3_9_17e
xserver	eq	xf-4_0_2