ROS-20231018-04

Published: 2023-10-18 00:00:00
Source: redos.red-soft.ru
Tags: x11, library, vulnerabilities, integer overflow, denial of service, remote attack, memory leak

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 (Confidence: High)
EPSS: 0 (Percentile: 5.1%)

A vulnerability in the XCreateImage() function of the libX11 library is related to an integer overflow. Exploitation
of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges.

A vulnerability in the PutSubImage() function of the libX11 library is related to execution of a loop with an
unreachable exit condition. Exploitation of the vulnerability could allow an attacker to consume all available
system resources and cause a denial of service.

A vulnerability in the _XkbReadKeySyms() function of the libX11 library is related to reading beyond the bounds of
the allowed data buffer. Exploitation of the vulnerability could allow a remote attacker to cause an
out-of-bounds read and read memory contents on the system.
OS      Version   Architecture   Package   Version       Filename
redos   7.3       x86_64         libx11    < 1.6.12-7    UNKNOWN
