Integer Overflow or Wraparound

Affecting libx11 package, versions <2:1.6.3-1ubuntu2.2

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Remediation

Upgrade libx11 to version or higher.

CVSS Score

6.7 (medium severity)
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2020-14344
CWE: CWE-190
Snyk ID: SNYK-UBUNTU1604-LIBX11-597384
Disclosed: 05 Aug, 2020
Published: 31 Jul, 2020