CVE-2020-14344
MEDIUM 6.7
Description
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
CVE details
CVSS v3.1 score: 6.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 8/5/2020
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
canonical:ubuntu_linux
fedoraproject:fedora
opensuse:leap
x.org:libx11
Weaknesses (CWE)
CWE-190
References
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html (secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344 (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/ (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ (secalert@redhat.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/ (secalert@redhat.com)
https://lists.x.org/archives/xorg-announce/2020-July/003050.html (secalert@redhat.com)
https://security.gentoo.org/glsa/202008-18 (secalert@redhat.com)
https://usn.ubuntu.com/4487-1/ (secalert@redhat.com)
https://usn.ubuntu.com/4487-2/ (secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2020/07/31/1 (secalert@redhat.com)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.