7.8

CVE-2020-14346

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX Server Version < 1.20.9
CanonicalUbuntu Linux Version14.04 SwEditionesm
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.456
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://security.gentoo.org/glsa/202012-01
Third Party Advisory
https://usn.ubuntu.com/4488-2/
Third Party Advisory
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
Patch
Vendor Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1862246
Third Party Advisory
Issue Tracking
https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
Third Party Advisory
VDB Entry