Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-46344

Опубликовано: 14 дек. 2022
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00813
Низкий

8.8 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2022-46344

CVSS3: 8.8
ubuntu
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

redhat логотип

CVE-2022-46344

CVSS3: 8.8
redhat
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

debian логотип

CVE-2022-46344

CVSS3: 8.8
debian
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because ...

github логотип

GHSA-jjf8-5xjq-fq8j

CVSS3: 8.8
github
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

fstec логотип

BDU:2023-07839

CVSS3: 8.8
fstec
больше 2 лет назад

Уязвимость функций ProcXIChangeProperty и ProcXChangeDeviceProperty реализации сервера X Window System X.Org Server, реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 73%
0.00813
Низкий

8.8 High

CVSS3

Дефекты

CWE-125