CVE-2024-21885

EPSS 0.24%
Veröffentlicht 28.02.2024 13:15:08
Zuletzt bearbeitet 04.08.2025 21:15:28
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 21

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Paket xorg-server

Version < 21.1.11

Version 0

Status affected

Version < *

Version 21.1.11

Status unaffected

Collection URLhttps://gitlab.freedesktop.org/xorg/xserver

≫

Paket xwayland

Version < 23.2.4

Version 0

Status affected

Version < *

Version 23.2.4

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Default Statusaffected

Version < *

Version 0:1.1.0-25.el6_10.13

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:1.20.4-27.el7_9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:1.8.0-31.el7_9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.13.1-2.el8_9.7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:1.20.11-22.el8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:21.1.3-15.el8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.9.0-15.el8_2.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Default Statusaffected

Version < *

Version 0:1.11.0-8.el8_4.8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-6.el8_6.9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-15.el8_8.7

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.13.1-3.el9_3.6

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:1.20.11-24.el9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.1.9-5.el9

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.11.0-22.el9_0.8

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version < *

Version 0:1.12.0-14.el9_2.5

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.464

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/errata/RHSA-2024:0320

https://access.redhat.com/errata/RHSA-2024:0557

https://access.redhat.com/errata/RHSA-2024:0558

https://access.redhat.com/errata/RHSA-2024:0597

https://access.redhat.com/errata/RHSA-2024:0607

https://access.redhat.com/errata/RHSA-2024:0614

https://access.redhat.com/errata/RHSA-2024:0617

https://access.redhat.com/errata/RHSA-2024:0621