Medium severity5.9NVD Advisory· Published Jul 27, 2018· Updated Jun 17, 2026
CVE-2017-2624
CVE-2017-2624
Description
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords6 versionspkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 1.20.13-1.2+ 5 more
- (no CPE)range: < 1.20.13-1.2
- (no CPE)range: < 7.6_1.18.3-71.1
- (no CPE)range: < 7.6_1.18.3-71.1
- (no CPE)range: < 7.6_1.18.3-71.1
- (no CPE)range: < 7.6_1.18.3-71.1
- (no CPE)range: < 7.6_1.18.3-71.1
- Range: 1.19.0
Patches
Vulnerability mechanics
References
8- gitlab.freedesktop.org/xorg/xserver/commit/d7ac755f0b618eb1259d93c8a16ec6e39a18627cnvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/nvdExploitThird Party Advisory
- www.securityfocus.com/bid/96480nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037919nvdThird Party AdvisoryVDB Entry
- lists.debian.org/debian-lts-announce/2017/11/msg00032.htmlnvdThird Party Advisory
- security.gentoo.org/glsa/201704-03nvdThird Party Advisory
- security.gentoo.org/glsa/201710-30nvdThird Party Advisory
News mentions
0No linked articles in our index yet.