Lucene search

[email protected]CVE-2021-4011

HistoryDec 17, 2021 - 5:15 p.m.

CVE-2021-4011

2021-12-1717:15:13

CWE-119

[email protected]

web.nvd.nist.gov

124

xorg-x11-server

out-of-bounds access

data confidentiality

integrity

system availability

cve-2021-4011

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Vulners

NVD

Node

x.orgxorg-serverRange≤21.1.2

x.orgxorg-serverRange≤1.20.14

VendorProductVersionCPE
x\.orgxorg\-server*cpe:2.3:a:x\.org:xorg\-server:*:*:*:*:*:*:*:*
x\.orgxorg\-server*cpe:2.3:a:x\.org:xorg\-server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x\.org	xorg\-server	*	cpe:2.3:a:x\.org:xorg\-server::::::::
x\.org	xorg\-server	*	cpe:2.3:a:x\.org:xorg\-server::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "xorg-x11-server",
    "versions": [
      {
        "version": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14",
        "status": "affected"
      }
    ]
  }
]