Description
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Statement
This vulnerability is rated as moderate severity because the flaw exists in the X server's request handling logic, where the 'bytes to ignore' field in a client request is not properly validated. A malicious client can submit a request specifying a non-zero 'bytes to ignore' value that exceeds the actual request size, causing the server to advance its internal input pointer incorrectly. As a result, the server may skip over pending requests from other clients, disrupting normal processing and effectively denying service to legitimate users. This vulnerability primarily impacts system availability.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | xorg-x11-server | Will not fix | | |
Red Hat Enterprise Linux 10 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:9304 | 23.06.2025 |
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | tigervnc | Fixed | RHSA-2025:10377 | 07.07.2025 |
Red Hat Enterprise Linux 7.7 Advanced Update Support | tigervnc | Fixed | RHSA-2025:10376 | 07.07.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | xorg-x11-server | Fixed | RHSA-2025:10360 | 07.07.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | tigervnc | Fixed | RHSA-2025:10375 | 07.07.2025 |
Red Hat Enterprise Linux 8 | xorg-x11-server | Fixed | RHSA-2025:9305 | 23.06.2025 |
Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland | Fixed | RHSA-2025:9305 | 23.06.2025 |
Red Hat Enterprise Linux 8 | tigervnc | Fixed | RHSA-2025:9392 | 23.06.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | tigervnc | Fixed | RHSA-2025:10378 | 07.07.2025 |
Additional information
CVSS3: 5.5 Medium