fkie_cve-2024-21885
Vulnerability from fkie_nvd
Published
2024-02-28 13:15
Modified
2024-11-21 08:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0320
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0557
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0558
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0597
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0607
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0614
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0617
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0621
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0626
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0629
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2996
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-21885
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2256540
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0320
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0557
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0558
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0597
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0607
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0614
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0617
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0621
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0626
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0629
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2169
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2170
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2995
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2996
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2024-21885
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2256540
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240503-0004/
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en el servidor X.Org. En la funci\u00f3n XISendDeviceHierarchyEvent, es posible exceder la longitud de la matriz asignada cuando se agregan ciertos ID de dispositivo nuevos a la estructura xXIHierarchyInfo. Esto puede desencadenar una condici\u00f3n de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, lo que puede provocar un bloqueo de la aplicaci\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo en entornos de reenv\u00edo SSH X11."
    }
  ],
  "id": "CVE-2024-21885",
  "lastModified": "2024-11-21T08:55:11.417",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-28T13:15:08.197",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0557"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0597"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0607"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0614"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0617"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0621"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0626"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0629"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2170"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2995"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:2996"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21885"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:2996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/security/cve/CVE-2024-21885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240503-0004/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.