Buffer Over-Read

2024-04-1102:44:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

x.org

buffer over-read

vulnerability

memory leakage

segmentation faults

endianness

attacker

heap memory

out-of-bounds reads

32-bit integer

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

X.org Server is vulnerable to Buffer Over-read. The vulnerability is due to the ProcXIPassiveGrabDevice() function, where byte-swapped length values in replies can lead to memory leakage and segmentation faults. This issue, particularly when triggered by a client with a different endianness, could allow an attacker to cause the X server to read heap memory values and transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker’s inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

CPENameOperatorVersion
xwayland:3.19eq23.2.2-r0
xwayland:3.19eq23.2.4-r0
xorg-server:3.19eq21.1.8-r3
xorg-server:3.19eq21.1.9-r0
xorg-server:3.19eq21.1.11-r0
xwayland:edgeeq22.1.3-r0
xwayland:edgeeq21.1.0-r1
xwayland:edgeeq23.1.2-r1
xwayland:edgeeq21.1.1-r0
xwayland:edgeeq22.1.3-r1

Name	Operator	Version
xwayland:3.19	eq	23.2.2-r0
xwayland:3.19	eq	23.2.4-r0
xorg-server:3.19	eq	21.1.8-r3
xorg-server:3.19	eq	21.1.9-r0
xorg-server:3.19	eq	21.1.11-r0
xwayland:edge	eq	22.1.3-r0
xwayland:edge	eq	21.1.0-r1
xwayland:edge	eq	23.1.2-r1
xwayland:edge	eq	21.1.1-r0
xwayland:edge	eq	22.1.3-r1