CVE-2008-1377 — X11 vulnerability

CWE-1898 documents8 sources

Severity

9.0CRITICALNVD

EPSS

2.4%

top 15.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X X11

Timeline

PublishedJun 16

Latest updateMay 3

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

▶Debianx.org/xorg-server< 2:1.4.1~git20080517-2+3

▶NVDx/x11r7.3

Patches

Patch: lists.opensuse.org ↗Patch: rhn.redhat.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-fjhq-fg7w-hchr: The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization f↗2022-05-03

▶

OSV

CVE-2008-1377: The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization f↗2008-06-16

▶

CVEList

CVE-2008-1377: The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization f↗2008-06-16

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2008-06-13

▶

Red Hat

X.org Record and Security extensions memory corruption↗2008-06-11

▶

Debian

CVE-2008-1377: xorg-server - The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in...↗2008

▶

💬Community

Bugzilla

CVE-2008-1377 X.org Record and Security extensions memory corruption↗2008-05-06

▶