Lucene search

K

[email protected]NVD:CVE-2013-2004

HistoryJun 15, 2013 - 8:55 p.m.

CVE-2013-2004

2013-06-1520:55:00

CWE-119

[email protected]

web.nvd.nist.gov

1

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.

Affected configurations

NVD

Node

xlibx11Range≤1.5.99.901

OR

xlibx11Match1.5.0

References

www.debian.org/security/2013/dsa-2693

www.openwall.com/lists/oss-security/2013/05/23/3

www.ubuntu.com/usn/USN-1854-1

www.x.org/wiki/Development/Security/Advisory-2013-05-23

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

Related for NVD:CVE-2013-2004

prion1 cve1 debiancve1 ubuntucve1 cvelist1 openvas14 ubuntu1 fedora2 debian1 nessus18 securityvulns2 ibm3 amazon1 veracode25 redhat1 centos1 freebsd1 mageia1 gentoo1