Unrated severity · NVD Advisory · Published Sep 11, 2020 · Updated Aug 4, 2024
CVE-2020-14363
Description
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash or, in some cases, to achieve arbitrary code execution. The highest threat from this flaw is to confidentiality and integrity, as well as system availability.
Affected products
osv-coords (41 versions):
- pkg:rpm/almalinux/libglvnd (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-core-devel (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-devel (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-egl (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-gles (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-glx (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libglvnd-opengl (no CPE), range: < 1:1.3.2-1.el8
- pkg:rpm/almalinux/libinput-devel (no CPE), range: < 1.16.3-1.el8
- pkg:rpm/almalinux/libwacom-devel (no CPE), range: < 1.6-2.el8
- pkg:rpm/almalinux/mesa-libgbm-devel (no CPE), range: < 20.3.3-2.el8
- pkg:rpm/almalinux/mesa-libOSMesa-devel (no CPE), range: < 20.3.3-2.el8
- pkg:rpm/almalinux/xorg-x11-drivers (no CPE), range: < 7.7-30.el8
- pkg:rpm/almalinux/xorg-x11-server-devel (no CPE), range: < 1.20.10-1.el8
- pkg:rpm/almalinux/xorg-x11-server-source (no CPE), range: < 1.20.10-1.el8
- pkg:rpm/opensuse/libX11&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 1.6.5-lp151.4.9.1
- pkg:rpm/opensuse/libX11&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 1.6.5-lp152.5.9.1
- pkg:rpm/opensuse/libX11&distro=openSUSE%20Tumbleweed (no CPE), range: < 1.7.2-1.2
- pkg:rpm/suse/libX11&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Enterprise%20Storage%205 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 1.6.5-3.12.1
- pkg:rpm/suse/libX11&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 1.6.2-12.15.1
- pkg:rpm/suse/libX11&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 1.6.2-12.15.1
- The X11 Project/libX11 (v5), Range: 1.6.12
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ (mitre, vendor-advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4487-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)
- github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt (mitre, x_refsource_MISC)
- github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh (mitre, x_refsource_MISC)
- lists.x.org/archives/xorg-announce/2020-August/003056.html (mitre, x_refsource_MISC)