Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8101

Опубликовано: 09 дек. 2014
Источник: redhat
CVSS2: 2.3

Описание

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-805->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1168713xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension

2.3 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8101

ubuntu
больше 10 лет назад

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

nvd логотип

CVE-2014-8101

nvd
больше 10 лет назад

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

debian логотип

CVE-2014-8101

debian
больше 10 лет назад

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 o ...

github логотип

GHSA-5vpf-mx7j-6j95

github
больше 3 лет назад

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

oracle-oval логотип

ELSA-2014-1982

oracle-oval
больше 10 лет назад

ELSA-2014-1982: xorg-x11-server security update (IMPORTANT)

2.3 Low

CVSS2