PT-2018-3157 · X.Org Foundation+5 · Libx11+5

Tobias Stoeckmann

Publicado

2018-08-24

Atualizado

2024-06-15

CVE-2018-14600

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libX11 versions prior to 1.6.5

Description The issue is related to the XListExtensions function in the ListExt.c file of the libX11 library, which provides the client-side API for the X Window System. It is associated with a buffer overflow due to interpreting a variable as signed instead of unsigned, resulting in an out-of-bounds write. This could allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations For libX11 versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the XListExtensions function until a patch is available.

Correção

RCE

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2018-2452

BDU:2019-04258

CESA-2019_2079

CVE-2018-14600

DLA-1482-1

MGASA-2018-0377

OPENSUSE-SU-2018_2567-1

OPENSUSE-SU-2018_3012-1

OPENSUSE-SU-2024:10918-1

RHSA-2019:2079

RHSA-2019_2079

SUSE-SU-2018:2934-1

SUSE-SU-2018:2955-1

SUSE-SU-2018:3102-1

USN-3758-1

USN-3758-2

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libx11

PT-2018-3157 · X.Org Foundation+5 · Libx11+5

CVE-2018-14600

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 127