CVE-2024-21885

EPSS 0.24%
Veröffentlicht 28.02.2024 13:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 25

CNA 22 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Paket xorg-server

Version 0

Version < 21.1.11

Status affected

Version 21.1.11

Version < *

Status unaffected

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Paket xwayland

Version 0

Version < 23.2.4

Status affected

Version 23.2.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Default Statusaffected

Version 0:1.1.0-25.el6_10.13

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version 0:1.20.4-27.el7_9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version 0:1.8.0-31.el7_9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:1.13.1-2.el8_9.7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:1.20.11-22.el8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:21.1.3-15.el8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version 0:1.9.0-15.el8_2.9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Default Statusaffected

Version 0:1.9.0-15.el8_2.9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.9.0-15.el8_2.9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:1.11.0-8.el8_4.8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Default Statusaffected

Version 0:1.11.0-8.el8_4.8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.11.0-8.el8_4.8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Extended Update Support

Default Statusaffected

Version 0:1.12.0-6.el8_6.9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version 0:1.12.0-15.el8_8.7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:1.13.1-3.el9_3.6

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:1.20.11-24.el9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:22.1.9-5.el9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Extended Update Support

Default Statusaffected

Version 0:1.11.0-22.el9_0.8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version 0:1.12.0-14.el9_2.5

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.469

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2024:0320

https://access.redhat.com/errata/RHSA-2024:0557

https://access.redhat.com/errata/RHSA-2024:0558

https://access.redhat.com/errata/RHSA-2024:0597

https://access.redhat.com/errata/RHSA-2024:0607

https://access.redhat.com/errata/RHSA-2024:0614

https://access.redhat.com/errata/RHSA-2024:0617

https://access.redhat.com/errata/RHSA-2024:0621