CVE-2025-49176

EPSS 0.27%
Veröffentlicht 17.06.2025 14:49:49
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 38

CNA 47 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerX.Org

≫

Produkt xwayland

Default Statusunaffected

Version 0

Version < 24.1.7

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 10

Default Statusaffected

Version 0:24.1.5-4.el10_0

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

Default Statusaffected

Version 0:1.1.0-25.el6_10.1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7.7 Advanced Update Support

Default Statusaffected

Version 0:1.8.0-17.el7_7.1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version 0:1.20.4-32.el7_9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7 Extended Lifecycle Support

Default Statusaffected

Version 0:1.8.0-36.el7_9.2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:1.20.11-26.el8_10

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:21.1.3-18.el8_10

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 0:1.15.0-7.el8_10

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version 0:1.9.0-15.el8_2.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.2 Advanced Update Support

Default Statusaffected

Version 0:1.20.6-4.el8_2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:1.20.10-2.el8_4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:1.11.0-8.el8_4.13

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:1.20.10-2.el8_4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:1.11.0-8.el8_4.13

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:1.12.0-6.el8_6.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:21.1.3-2.el8_6.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Default Statusaffected

Version 0:1.20.11-5.el8_6.3

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:1.12.0-6.el8_6.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:21.1.3-2.el8_6.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version 0:1.12.0-6.el8_6.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version 0:21.1.3-2.el8_6.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Default Statusaffected

Version 0:1.20.11-5.el8_6.3

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.12.0-6.el8_6.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version 0:21.1.3-2.el8_6.4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.20.11-5.el8_6.3

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:1.20.11-16.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support Long-Life Add-On

Default Statusaffected

Version 0:21.1.3-11.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version 0:1.20.11-16.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version 0:1.12.0-15.el8_8.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Default Statusaffected

Version 0:21.1.3-11.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.20.11-16.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.12.0-15.el8_8.14

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Default Statusaffected

Version 0:21.1.3-11.el8_8

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:1.20.11-31.el9_6

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:23.2.7-4.el9_6

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:1.14.1-8.el9_6

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version 0:21.1.3-3.el9_0

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.20.11-11.el9_0

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.11.0-22.el9_0.15

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version 0:21.1.3-8.el9_2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.20.11-18.el9_2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Default Statusaffected

Version 0:1.12.0-14.el9_2.12

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version 0:22.1.9-6.el9_4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version 0:1.20.11-26.el9_4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.4 Extended Update Support

Default Statusaffected

Version 0:1.13.1-8.el9_4.7

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.501

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.3	1.8	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://access.redhat.com/security/cve/CVE-2025-49176

https://bugzilla.redhat.com/show_bug.cgi?id=2369954

http://www.openwall.com/lists/oss-security/2025/06/18/2

https://access.redhat.com/errata/RHSA-2025:9303

https://access.redhat.com/errata/RHSA-2025:9304

https://access.redhat.com/errata/RHSA-2025:9305

https://access.redhat.com/errata/RHSA-2025:9306

https://access.redhat.com/errata/RHSA-2025:9392

https://access.redhat.com/errata/RHSA-2025:9964

https://access.redhat.com/errata/RHSA-2025:10258

https://access.redhat.com/errata/RHSA-2025:10342

https://access.redhat.com/errata/RHSA-2025:10343