Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-49177

Опубликовано: 17 июн. 2025
Источник: debian
EPSS Низкий

Описание

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
xorg-serverfixed2:21.1.16-1.2package
xorg-servernot-affectedbullseyepackage
xwaylandunfixedpackage
xwaylandignoredbookwormpackage

Примечания

  • Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ab02fb96b1c701c3bb47617d965522c34befa6af

EPSS

Процентиль: 4%
0.0002
Низкий

Связанные уязвимости

CVSS3: 6.1
ubuntu
около 2 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVSS3: 6.1
redhat
около 2 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVSS3: 6.1
nvd
около 2 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVSS3: 5.5
github
около 2 месяцев назад

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

suse-cvrf
около 2 месяцев назад

Security update for xorg-x11-server

EPSS

Процентиль: 4%
0.0002
Низкий