PT-2018-2301 · X.Org Foundation+5 · Libx11+5

Tobias Stoeckmann

Published

2018-07-27

Updated

2024-06-15

CVE-2018-14599

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libX11 versions 1.6.5 and earlier

Description The issue is related to an off-by-one error in the XListExtensions function, caused by malicious server responses. This can lead to a denial of service (DoS) or possibly other unspecified impacts. The vulnerability can be exploited by a remote attacker using a specially crafted server response.

Recommendations For libX11 versions 1.6.5 and earlier, consider disabling the XListExtensions function as a temporary workaround until a patch is available. Restrict access to the vulnerable ListExt.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682CWE-193

Related Identifiers

ALT-PU-2018-2452

BDU:2019-00431

CESA-2019_2079

CVE-2018-14599

DLA-1482-1

MGASA-2018-0377

OPENSUSE-SU-2018_2567-1

OPENSUSE-SU-2018_3012-1

OPENSUSE-SU-2024:10918-1

RHSA-2019:2079

RHSA-2019_2079

SUSE-SU-2018:2934-1

SUSE-SU-2018:2955-1

SUSE-SU-2018:3102-1

USN-3758-1

USN-3758-2

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libx11

PT-2018-2301 · X.Org Foundation+5 · Libx11+5

CVE-2018-14599

Weakness Enumeration

Related Identifiers

Affected Products

References · 127