Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-46341

Опубликовано: 14 дек. 2022
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 76%
0.00994
Низкий

8.8 High

CVSS3

Дефекты

CWE-787
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2022-46341

CVSS3: 8.8
ubuntu
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

redhat логотип

CVE-2022-46341

CVSS3: 8.8
redhat
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

debian логотип

CVE-2022-46341

CVSS3: 8.8
debian
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because ...

github логотип

GHSA-cj4x-645f-6pwx

CVSS3: 8.8
github
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

fstec логотип

BDU:2023-07836

CVSS3: 8.8
fstec
больше 2 лет назад

Уязвимость функции ProcXIPassiveUngrabDevice реализации протокола Wayland для X.Org XWayland, реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 76%
0.00994
Низкий

8.8 High

CVSS3

Дефекты

CWE-787
CWE-787