Lucene search

[email protected]CVE-2020-14346

HistorySep 15, 2020 - 7:15 p.m.

CVE-2020-14346

2020-09-1519:15:12

CWE-191

[email protected]

web.nvd.nist.gov

213

cve-2020-14346

xorg-x11-server

integer underflow

x input extension protocol

memory access

data confidentiality

data integrity

system availability

vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Vulners

NVD

Node

x.orgxorg-serverRange≤1.20.9

VendorProductVersionCPE
x\.orgxorg\-server*cpe:2.3:a:x\.org:xorg\-server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x\.org	xorg\-server	*	cpe:2.3:a:x\.org:xorg\-server::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "xorg-x11-server",
    "versions": [
      {
        "version": "before xorg-x11-server 1.20.9",
        "status": "affected"
      }
    ]
  }
]