Lucene search

K

Veracode Vulnerability DatabaseVERACODE:44695

HistoryDec 15, 2023 - 7:30 a.m.

Integer Overflow

2023-12-1507:30:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

xwayland

sid

integer overflow

xorg-server

vulnerability

disclosure

sensitive information

software

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

xwayland:sid is vulnerable to Integer Overflow. The vulnerability due to xorg-server crafted request to RRChangeProviderProperty or RRChangeOutputProperty. It leads to allow an attacker to a disclosure of sensitive information.

CPENameOperatorVersion
xwayland:sideq2:1.20.8-2
xwayland:sideq2:1.20.11-1
xorg-server:3.19eq21.1.8-r3
xorg-server:3.19eq21.1.9-r0
xorg-server:edgeeq1.20.8-r0
xorg-server:edgeeq1.20.8-r1
xorg-server:edgeeq21.1.7-r0
xorg-server:edgeeq21.1.4-r0
xorg-server:edgeeq1.20.10-r3
xorg-server:edgeeq1.20.8-r2

Rows per page:

1-10 of 561

References

www.openwall.com/lists/oss-security/2023/12/13/1

access.redhat.com/errata/RHSA-2023:7886

access.redhat.com/errata/RHSA-2024:0006

access.redhat.com/errata/RHSA-2024:0009

access.redhat.com/errata/RHSA-2024:0010

access.redhat.com/errata/RHSA-2024:0014

access.redhat.com/errata/RHSA-2024:0015

access.redhat.com/errata/RHSA-2024:0016

access.redhat.com/errata/RHSA-2024:0017

access.redhat.com/errata/RHSA-2024:0018

access.redhat.com/errata/RHSA-2024:0020

access.redhat.com/errata/RHSA-2024:2169

access.redhat.com/errata/RHSA-2024:2170

access.redhat.com/errata/RHSA-2024:2995

access.redhat.com/errata/RHSA-2024:2996

access.redhat.com/security/cve/CVE-2023-6478

bugzilla.redhat.com/show_bug.cgi?id=2253298

gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632

lists.debian.org/debian-lts-announce/2023/12/msg00008.html

lists.fedoraproject.org/archives/list/[email protected]/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/

lists.fedoraproject.org/archives/list/[email protected]/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/

lists.fedoraproject.org/archives/list/[email protected]/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/

lists.fedoraproject.org/archives/list/[email protected]/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/

lists.x.org/archives/xorg-announce/2023-December/003435.html

security-tracker.debian.org/tracker/CVE-2023-6478

security.gentoo.org/glsa/202401-30

security.netapp.com/advisory/ntap-20240125-0003/

www.debian.org/security/2023/dsa-5576

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%