7.3
CVE-2024-31081
- EPSS 0.13%
- Veröffentlicht 04.04.2024 14:15:10
- Zuletzt bearbeitet 04.08.2025 21:15:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://gitlab.freedesktop.org/xorg/xserver
≫
Paket
xorg-server
Default Statusunaffected
Version
1.7.0
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
Default Statusaffected
Version <
*
Version
0:1.1.0-25.el6_10.13
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusaffected
Version <
*
Version
0:1.20.4-29.el7_9
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusaffected
Version <
*
Version
0:1.8.0-33.el7_9
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.13.1-2.el8_9.10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.20.11-23.el8_10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:1.13.1-10.el8_10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
Version <
*
Version
0:21.1.3-16.el8_10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version <
*
Version
0:1.9.0-15.el8_2.11
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Default Statusaffected
Version <
*
Version
0:1.9.0-15.el8_2.11
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.9.0-15.el8_2.11
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version <
*
Version
0:1.11.0-8.el8_4.10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Default Statusaffected
Version <
*
Version
0:1.11.0-8.el8_4.10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Default Statusaffected
Version <
*
Version
0:1.11.0-8.el8_4.10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.6 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.12.0-6.el8_6.11
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8.8 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.12.0-15.el8_8.10
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.13.1-8.el9_4.3
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:23.2.7-1.el9
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusaffected
Version <
*
Version
0:1.20.11-26.el9
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.0 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.11.0-22.el9_0.11
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9.2 Extended Update Support
Default Statusaffected
Version <
*
Version
0:1.12.0-14.el9_2.8
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunknown
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.327 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.3 | 1.8 | 5.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
|
CWE-126 Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.