Published: 15/09/2020 Updated: 16/09/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in xorg-x11-server prior to 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerability Trend

Vendor Advisories

Several vulnerabilities have been discovered in the XOrg X server Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges In addition an ASLR bypass was fixed For the stable distribution (buster), these problems have been fixed in version 2:1204-1+deb10 ...

Mailing Lists

Multiple input validation failures in X server extensions ========================================================= All theses issuses can lead to local privileges elevation on systems where the X server is running privileged * CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access The handler for the XkbSetNames request does not vali ...