CVE-2020-14363
HIGH 7.8
Description
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
CVE Details
CVSS v3.1 Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 9/11/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
fedoraproject:fedora
x.org:libx11
Weaknesses (CWE)
CWE-190
CWE-416
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363 (secalert@redhat.com)
https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt (secalert@redhat.com)
https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ (secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2020-August/003056.html (secalert@redhat.com)
https://usn.ubuntu.com/4487-2/ (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.x.org/archives/xorg-announce/2020-August/003056.html (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4487-2/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.