Lucene search
Ubuntu.comUB:CVE-2022-46344HistoryDec 14, 2022 - 12:00 a.m.
CVE-2022-46344
2022-12-1400:00:00
ubuntu.com
ubuntu.com
13
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.3%
A vulnerability was found in X.Org. This security flaw occurs because the
handler for the XIChangeProperty request has a length-validation issues,
resulting in out-of-bounds memory reads and potential information
disclosure. This issue can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution for ssh
X forwarding sessions.
Notes
| Author | Note |
|---|---|
| mdeslaur | xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server This is ZDI-CAN-19405 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | xorg-server | < 2:1.19.6-1ubuntu4.13 | UNKNOWN |
| ubuntu | 20.04 | noarch | xorg-server | < 2:1.20.13-1ubuntu1~20.04.5 | UNKNOWN |
| ubuntu | 22.04 | noarch | xorg-server | < 2:21.1.3-2ubuntu2.5 | UNKNOWN |
| ubuntu | 22.10 | noarch | xorg-server | < 2:21.1.4-2ubuntu1.3 | UNKNOWN |
| ubuntu | 23.04 | noarch | xorg-server | < 2:21.1.5-1ubuntu1 | UNKNOWN |
| ubuntu | 14.04 | noarch | xorg-server | < 2:1.15.1-0ubuntu2.11+esm7 | UNKNOWN |
| ubuntu | 16.04 | noarch | xorg-server | < 2:1.18.4-0ubuntu0.12+esm5 | UNKNOWN |
| ubuntu | 16.04 | noarch | xorg-server-hwe-16.04 | < 2:1.19.6-1ubuntu4.1~16.04.6+esm4 | UNKNOWN |
| ubuntu | 18.04 | noarch | xorg-server-hwe-18.04 | < 2:1.20.8-2ubuntu2.2~18.04.9 | UNKNOWN |
| ubuntu | 22.04 | noarch | xwayland | < 2:22.1.1-1ubuntu0.4 | UNKNOWN |
Related
prion
prion
Out-of-bounds
2022-12-14 21:15:00
osv
osv
CVE-2022-46344
2022-12-14 21:15:13
Moderate: tigervnc security and bug fix update
2023-05-09 00:00:00
xorg-server - security update
2022-12-20 00:00:00
cvelist
cvelist
CVE-2022-46344
2022-12-14 00:00:00
nvd
nvd
CVE-2022-46344
2022-12-14 21:15:13
veracode
veracode
Information Disclosure
2022-12-24 07:33:51
zdi
zdi
debiancve
debiancve
CVE-2022-46344
2022-12-14 21:15:13
redhatcve
redhatcve
CVE-2022-46344
2022-12-14 05:05:36
cve
cve
CVE-2022-46344
2022-12-14 21:15:13
alpinelinux
alpinelinux
CVE-2022-46344
2022-12-14 21:15:13
ubuntucve
ubuntucve
CVE-2023-6478
2023-12-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.14-alt5
2022-12-14 00:00:00
nessus
nessus
RHEL 7 : xorg-x11-server (RHSA-2023:0046)
2023-01-09 00:00:00
EulerOS 2.0 SP10 : xorg-x11-server (EulerOS-SA-2023-1569)
2023-03-19 00:00:00
EulerOS 2.0 SP9 : xorg-x11-server (EulerOS-SA-2023-2345)
2023-07-09 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37
2022-12-19 01:18:30
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36
2022-12-26 01:17:10
[SECURITY] Fedora 36 Update: xorg-x11-server-Xwayland-22.1.7-1.fc36
2023-01-04 01:33:23
openvas
openvas
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2023-2325)
2023-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4485-1)
2022-12-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2095
2023-02-07 08:27:40
Advisory ROSA-SA-2023-2092
2023-02-02 09:29:40
redhat
redhat
(RHSA-2023:0046) Important: xorg-x11-server security update
2023-01-09 14:21:36
(RHSA-2023:0045) Important: tigervnc security update
2023-01-09 14:20:51
(RHSA-2023:2830) Moderate: tigervnc security and bug fix update
2023-05-16 05:55:54
debian
debian
[SECURITY] [DSA 5304-1] xorg-server security update
2022-12-20 19:51:37
[SECURITY] [DLA 3256-1] xorg-server security update
2022-12-31 14:04:06
oraclelinux
oraclelinux
tigervnc security update
2023-01-09 00:00:00
tigervnc security and bug fix update
2023-05-15 00:00:00
tigervnc security and bug fix update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: tigervnc security and bug fix update
2023-05-09 00:00:00
Moderate: tigervnc security and bug fix update
2023-05-16 00:00:00
Moderate: xorg-x11-server security and bug fix update
2023-05-09 00:00:00
slackware
slackware
[slackware-security] xorg-server
2022-12-14 21:30:53
[slackware-security] tigervnc
2023-11-13 19:27:10
freebsd
freebsd
xorg-server -- Multiple security issues in X server extensions
2022-12-14 00:00:00
ubuntu
ubuntu
X.Org X Server vulnerabilities
2022-12-14 00:00:00
X.Org X Server vulnerabilities
2023-02-16 00:00:00
centos
centos
tigervnc security update
2023-01-30 16:44:07
xorg security update
2023-01-30 16:41:38
mageia
mageia
Updated x11-server packages fix security vulnerability
2023-01-24 10:58:24
amazon
amazon
Important: xorg-x11-server
2023-02-17 00:02:00
Important: xorg-x11-server
2023-03-02 22:35:00
gentoo
gentoo
X.Org X server, XWayland: Multiple Vulnerabilities
2023-05-30 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.026 Low
EPSS
Percentile
90.3%
Related for UB:CVE-2022-46344