← Zuruck zu CVEs
CVE-2020-14344
MEDIUM6.7
Beschreibung
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
CVE Details
CVSS v3.1 Bewertung6.7
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht8/5/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
canonical:ubuntu_linuxfedoraproject:fedoraopensuse:leapx.org:libx11
Schwachen (CWE)
CWE-190CWE-190
Referenzen
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/(secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/(secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2020-July/003050.html(secalert@redhat.com)
https://security.gentoo.org/glsa/202008-18(secalert@redhat.com)
https://usn.ubuntu.com/4487-1/(secalert@redhat.com)
https://usn.ubuntu.com/4487-2/(secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2020/07/31/1(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2020-July/003050.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202008-18(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4487-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4487-2/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2020/07/31/1(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.