Unrated severityNVD Advisory· Published Aug 5, 2020· Updated Aug 4, 2024

CVE-2020-14344

Description

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Affected products

osv-coords71 versions
pkg:rpm/almalinux/libglvnd pkg:rpm/almalinux/libglvnd-core-devel pkg:rpm/almalinux/libglvnd-devel pkg:rpm/almalinux/libglvnd-egl pkg:rpm/almalinux/libglvnd-gles pkg:rpm/almalinux/libglvnd-glx pkg:rpm/almalinux/libglvnd-opengl pkg:rpm/almalinux/libinput-devel pkg:rpm/almalinux/libwacom-devel pkg:rpm/almalinux/mesa-libgbm-devel pkg:rpm/almalinux/mesa-libOSMesa-devel pkg:rpm/almalinux/xorg-x11-drivers pkg:rpm/almalinux/xorg-x11-server-devel pkg:rpm/almalinux/xorg-x11-server-source pkg:rpm/opensuse/libX11&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libX11&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/libX11&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libxcb&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/libxcb&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/libX11&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/libX11&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/libxcb&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/libxcb&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/libxcb&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libxcb&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libxcb&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/libxcb&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/libxcb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/libxcb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/xorg-x11-libX11&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
< 1:1.3.2-1.el8+ 70 more
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1:1.3.2-1.el8
- (no CPE)range: < 1.16.3-1.el8
- (no CPE)range: < 1.6-2.el8
- (no CPE)range: < 20.3.3-2.el8
- (no CPE)range: < 20.3.3-2.el8
- (no CPE)range: < 7.7-30.el8
- (no CPE)range: < 1.20.10-1.el8
- (no CPE)range: < 1.20.10-1.el8
- (no CPE)range: < 1.6.5-lp151.4.3.1
- (no CPE)range: < 1.6.5-lp152.5.3.1
- (no CPE)range: < 1.7.2-1.2
- (no CPE)range: < 1.13-lp151.4.3.1
- (no CPE)range: < 1.13-lp152.5.3.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.5-3.6.2
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.6.2-12.8.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.13-3.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 1.10-4.5.1
- (no CPE)range: < 7.4-5.11.72.15.1
- (no CPE)range: < 7.4-5.11.72.15.1
The X11 Project/libX11v5
Range: 1.6.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.htmlmitrevendor-advisoryx_refsource_SUSE
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202008-18mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4487-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4487-2/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
lists.x.org/archives/xorg-announce/2020-July/003050.htmlmitrex_refsource_MISC
www.openwall.com/lists/oss-security/2020/07/31/1mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000