Out-of-bounds Write

2024-01-2114:43:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

x.org server

out-of-bounds write

memory allocation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused due to not allocating sufficient memory space for the devices’s particular number of logical buttons. This can lead to a heap overflow if a bigger value is used. DeviceFocusEventand the XIQueryPointer reply of X.Org server contain a bit for each logical button currently down and buttons can be mapped to any value up to 255.

CPENameOperatorVersion
xwayland:sideq2:1.20.8-2
xwayland:sideq2:1.20.11-1
xwayland:3.19eq23.2.2-r0
xorg-server:3.19eq21.1.8-r3
xorg-server:3.19eq21.1.9-r0
xwayland:edgeeq21.1.0-r1
xwayland:edgeeq21.1.1-r0
xwayland:edgeeq23.1.2-r1
xwayland:edgeeq22.1.3-r1
xwayland:edgeeq22.1.5-r0

Name	Operator	Version
xwayland:sid	eq	2:1.20.8-2
xwayland:sid	eq	2:1.20.11-1
xwayland:3.19	eq	23.2.2-r0
xorg-server:3.19	eq	21.1.8-r3
xorg-server:3.19	eq	21.1.9-r0
xwayland:edge	eq	21.1.0-r1
xwayland:edge	eq	21.1.1-r0
xwayland:edge	eq	23.1.2-r1
xwayland:edge	eq	22.1.3-r1
xwayland:edge	eq	22.1.5-r0