Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-31535

Published: 27/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to X Window System

Vulnerability Summary

LookupCol.c in X.Org X through X11R7.7 and libX11 prior to 1.7.1 might allow remote malicious users to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org x window system

x.org libx11

fedoraproject fedora 33

Vendor Advisories

Debian CVElist Bug Report Logs: libx11: CVE-2021-31535: Missing request length checks
Debian Bug report logs - #988737 libx11: CVE-2021-31535: Missing request length checks Package: src:libx11; Maintainer for src:libx11 is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 18 May 2021 19:15:02 UTC Severity: grave Tags: security, upstream ...
Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update
Synopsis Important: OpenShift Virtualization 4110 Images security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a secur ...
Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update
Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Debian Security Advisories: DSA-4920-1 libx11 -- security update
Roman Fiedler reported that missing length validation in various functions provided by libx11, the X11 client-side library, allow to inject X11 protocol commands on X clients, leading to authentication bypass, denial of service or potentially the execution of arbitrary code For the stable distribution (buster), this problem has been fixed in versi ...
Amazon Linux 2: ALAS2-2021-1686
A missing validation flaw was found in libX11 This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11 The highest threat from this vulnerability is to ...
Amazon Linux AMI: ALAS-2021-1517
A missing validation flaw was found in libX11 This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11 The highest threat from this vulnerability is to ...
Red Hat: CVE-2021-31535
No description is available for this CVE ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1968 libx11 170-4 Unknown Vulnerable ...

Mailing Lists

Full Disclosure: CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology <!--X-Subject-Header-End--> <!--X-Head-of-Message- ...
Full Disclosure: libX11 security advisory: May 18, 2021
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> libX11 security advisory: May 18, 2021 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Matthieu Herrb &lt;matthie ...

Github Repositories

https://github.com/deepin-community/libx11

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

https://github.com/ciwei100000/debian-libx11

Mirror of libx11 packaging

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

https://github.com/balabit-deps/balabit-os-9-libx11

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

https://github.com/pexip/os-libx11

Packaging for libx11

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

https://github.com/mirror/libX11

Xlib/libX11 mirror

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

https://github.com/janisozaur/libx11

libX11 - Core X11 protocol client library Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: wwwxorg/releases/current/doc/libX11/libX11/libX11html wwwxorg/releases/current/doc/libX11/libX11/libX11pdf and the O'Reilly Xlib books, which they have made freely a

References

CWE-120https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txthttps://lists.freedesktop.org/archives/xorg/https://www.openwall.com/lists/oss-security/2021/05/18/2https://www.openwall.com/lists/oss-security/2021/05/18/3https://lists.x.org/archives/xorg-announce/2021-May/003088.htmlhttps://lists.debian.org/debian-lts-announce/2021/05/msg00021.htmlhttp://packetstormsecurity.com/files/162737/libX11-Insufficient-Length-Check-Injection.htmlhttps://www.debian.org/security/2021/dsa-4920http://www.openwall.com/lists/oss-security/2021/05/18/2https://security.gentoo.org/glsa/202105-16http://seclists.org/fulldisclosure/2021/May/52https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605https://security.netapp.com/advisory/ntap-20210813-0001/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEOT4RLB76RVPJQKGGTIKTBIOLHX2NR6/https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988737https://www.debian.org/security/2021/dsa-4920https://nvd.nist.govhttps://github.com/ciwei100000/debian-libx11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook