7.3

CVE-2025-49176

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerX.Org
Produkt xwayland
Default Statusunaffected
Version 0
Version < 24.1.7
Status affected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 10
Default Statusaffected
Version 0:24.1.5-4.el10_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
Default Statusaffected
Version 0:1.1.0-25.el6_10.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7.7 Advanced Update Support
Default Statusaffected
Version 0:1.8.0-17.el7_7.1
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version 0:1.20.4-32.el7_9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support
Default Statusaffected
Version 0:1.8.0-36.el7_9.2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:1.20.11-26.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:21.1.3-18.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8
Default Statusaffected
Version 0:1.15.0-7.el8_10
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version 0:1.9.0-15.el8_2.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support
Default Statusaffected
Version 0:1.20.6-4.el8_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.20.10-2.el8_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.11.0-8.el8_4.13
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.20.10-2.el8_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.11.0-8.el8_4.13
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-6.el8_6.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-2.el8_6.4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-5.el8_6.3
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:1.12.0-15.el8_8.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-16.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-15.el8_8.14
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-11.el8_8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:1.20.11-31.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:23.2.7-4.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9
Default Statusaffected
Version 0:1.14.1-8.el9_6
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-3.el9_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-11.el9_0
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.11.0-22.el9_0.15
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:21.1.3-8.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.20.11-18.el9_2
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Default Statusaffected
Version 0:1.12.0-14.el9_2.12
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:22.1.9-6.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:1.20.11-26.el9_4
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 9.4 Extended Update Support
Default Statusaffected
Version 0:1.13.1-8.el9_4.7
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat Enterprise Linux 6
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.224
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.3 1.8 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://access.redhat.com/security/cve/CVE-2025-49176
https://bugzilla.redhat.com/show_bug.cgi?id=2369954
http://www.openwall.com/lists/oss-security/2025/06/18/2
https://access.redhat.com/errata/RHSA-2025:9303
https://access.redhat.com/errata/RHSA-2025:9304
https://access.redhat.com/errata/RHSA-2025:9305
https://access.redhat.com/errata/RHSA-2025:9306
https://access.redhat.com/errata/RHSA-2025:9392
https://access.redhat.com/errata/RHSA-2025:9964
https://access.redhat.com/errata/RHSA-2025:10258
https://access.redhat.com/errata/RHSA-2025:10342
https://access.redhat.com/errata/RHSA-2025:10343
https://access.redhat.com/errata/RHSA-2025:10347
https://access.redhat.com/errata/RHSA-2025:10348
https://access.redhat.com/errata/RHSA-2025:10344
https://access.redhat.com/errata/RHSA-2025:10346
https://access.redhat.com/errata/RHSA-2025:10349
https://access.redhat.com/errata/RHSA-2025:10350
https://access.redhat.com/errata/RHSA-2025:10351
https://access.redhat.com/errata/RHSA-2025:10352
https://access.redhat.com/errata/RHSA-2025:10355
https://access.redhat.com/errata/RHSA-2025:10356
https://access.redhat.com/errata/RHSA-2025:10360
https://access.redhat.com/errata/RHSA-2025:10370
https://access.redhat.com/errata/RHSA-2025:10374
https://access.redhat.com/errata/RHSA-2025:10375
https://access.redhat.com/errata/RHSA-2025:10376
https://access.redhat.com/errata/RHSA-2025:10377
https://access.redhat.com/errata/RHSA-2025:10378
https://access.redhat.com/errata/RHSA-2025:10381
https://access.redhat.com/errata/RHSA-2025:10410
https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
https://www.x.org/wiki/Development/Security/