CVE-2014-8091 — Unchecked Return Value in X Server

CWE-252 — Unchecked Return Value10 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

4.8%

top 10.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server X.org X11

Timeline

PublishedDec 10

Latest updateMay 17

Description

X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianx.org/xorg-server< 2:1.16.2.901-1+3

▶NVDx.org/x_server1.16.2

▶NVDx.org/x115.0

Patches

Patch: www.x.org ↗Patch: www.x.org ↗

🔴Vulnerability Details

GHSA

GHSA-3443-38jq-4qwq: X↗2022-05-17

▶

CVEList

CVE-2014-8091: X↗2014-12-10

▶

OSV

CVE-2014-8091: X↗2014-12-10

▶

📋Vendor Advisories

Ubuntu

NVIDIA graphics drivers vulnerabilities↗2014-12-10

▶

Ubuntu

X.Org X server vulnerabilities↗2014-12-09

▶

Red Hat

xorg-x11-server: denial of service due to unchecked malloc in client authentication↗2014-12-09

▶

Debian

CVE-2014-8091: xorg-server - X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xo...↗2014

▶

💬Community

Bugzilla

tigervnc requires rebuild after Dec-2014 xorg-x11-server CVEs↗2015-01-11

▶

Bugzilla

CVE-2014-8091 xorg-x11-server: denial of service due to unchecked malloc in client authentication↗2014-11-27

▶