CVE-2020-14363

Published: 11/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged malicious user to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

Vulnerable Product

x.org libx11

fedoraproject fedora 33

Vendor Advisories

Debian Bug report logs - #969008 libx11: CVE-2020-14363 Package: src:libx11; Maintainer for src:libx11 is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 25 Aug 2020 21:54:01 UTC Severity: important Tags: security, upstream Found in version libx11/2 ...
Synopsis Moderate: OpenShift Container Platform 4.5.20 bug fix and golang security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4.5.20 is now available with updates to packages and images that fix several bugs. This release includes a security update for ...
Synopsis Important: libX11 security update Type/Severity Security Advisory: Important Topic An update for libX11 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: libX11 security update Type/Severity Security Advisory: Important Topic An update for libX11 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. (CVE-2020-14363) ...

Github Repositories

libx11_1.6.4 with proposed Fix poll_for_response race condition

libx11_1.6.4 bug fix. This is the Ubuntu 18.04 libx11_1.6.4 with the proposed fix for the poll_for_response race condition bug. The bug affects the following applications and desktops I have used so far. Desktops: lubuntu desktop, LXDE desktop. Applications: Geany, Leafpad, pcmanfm, Google Chrome. Leafpad crash screenshot. Bug. Steps to reproduce: Boot Up your PC with Ubuntu and ent