CVE-2018-14598: Improper Input Validation in Libx11

Severity
7.5 HIGH (NVD)
EPSS
3.0%
top 13.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 24
Latest update: May 14

Description

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that is freed later on, leading to DoS (segmentation fault).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: x.org/libx11 < 2:1.6.6-1+3
NVD: x.org/libx11 1.6.5

Also affects: Debian Linux 8.0, Fedora 28, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

🔴 Vulnerability Details

4
GHSA
GHSA-8crp-qc6q-x3mh: An issue was discovered in XListExtensions in ListExt (2022-05-14)
OSV
libx11 vulnerabilities (2018-08-30)
OSV
CVE-2018-14598: An issue was discovered in XListExtensions in ListExt (2018-08-24)
CVEList
CVE-2018-14598: An issue was discovered in XListExtensions in ListExt (2018-08-24)

📋 Vendor Advisories

4
Ubuntu
libx11 vulnerabilities (2018-08-30)
Ubuntu
libx11 vulnerabilities (2018-08-30)
Red Hat
libX11: Crash on invalid reply in XListExtensions in ListExt.c (2018-08-21)
Debian
CVE-2018-14598: libx11 - An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.... (2018)

💬 Community

2
Bugzilla
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c (2018-08-28)
Bugzilla
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c [fedora-all] (2018-08-28)