CVE-2018-14598
published 2018-08-24CVE-2018-14598: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows…
PriorityP337high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
4.23%
89.8th percentile
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libx11 | < libx11 2:1.6.6-1 (bookworm) | libx11 2:1.6.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| x.org | libx11 | <= 1.6.5 | — |
| x.org | libx11 | >= 0 < 2:1.6.6-1 | 2:1.6.6-1 |
| x.org | libx11 | >= 0 < 2:1.6.6-1 | 2:1.6.6-1 |
| x.org | libx11 | >= 0 < 2:1.6.6-1 | 2:1.6.6-1 |
| x.org | libx11 | >= 0 < 2:1.6.6-1 | 2:1.6.6-1 |
| x.org | libx11 | >= 0 < 2:1.6.2-1ubuntu2.1 | 2:1.6.2-1ubuntu2.1 |
| x.org | libx11 | >= 0 < 2:1.6.3-1ubuntu2.1 | 2:1.6.3-1ubuntu2.1 |
| x.org | libx11 | >= 0 < 2:1.6.4-3ubuntu0.1 | 2:1.6.4-3ubuntu0.1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8crp-qc6q-x3mh: An issue was discovered in XListExtensions in ListExt
ghsa_unreviewed·2022-05-14
CVE-2018-14598 [HIGH] CWE-20 GHSA-8crp-qc6q-x3mh: An issue was discovered in XListExtensions in ListExt
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
OSV
libx11 vulnerabilities
osv·2018-08-30·CVSS 9.8
CVE-2016-7942 [CRITICAL] libx11 vulnerabilities
libx11 vulnerabilities
Tobias Stoeckmann discovered that libx11 incorrectly handled certain images.
An attacker could possibly use this issue to access sensitive information
(CVE-2016-7942)
Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.
(CVE-2016-7943)
It was discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
OSV
CVE-2018-14598: An issue was discovered in XListExtensions in ListExt
osv·2018-08-24·CVSS 7.5
CVE-2018-14598 [HIGH] CVE-2018-14598: An issue was discovered in XListExtensions in ListExt
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Ubuntu
libx11 vulnerabilities
vendor_ubuntu·2018-08-30·CVSS 9.8
CVE-2016-7942 [CRITICAL] libx11 vulnerabilities
Title: libx11 vulnerabilities
Summary: Several security issues were fixed in libx11.
Tobias Stoeckmann discovered that libx11 incorrectly handled certain images.
An attacker could possibly use this issue to access sensitive information
(CVE-2016-7942)
Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.
(CVE-2016-7943)
It was discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Ubuntu
libx11 vulnerabilities
vendor_ubuntu·2018-08-30·CVSS 9.8
CVE-2016-7942 [CRITICAL] libx11 vulnerabilities
Title: libx11 vulnerabilities
Summary: Several security issues were fixed in libx11.
USN-3758-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Tobias Stoeckmann discovered that libx11 incorrectly handled certain images.
An attacker could possibly use this issue to access sensitive information
(CVE-2016-7942)
Tobias Stoeckmann discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to access sensitive information.
(CVE-2016-7943)
It was discovered that libx11 incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
Instructions: After a standard system u
Red Hat
libX11: Crash on invalid reply in XListExtensions in ListExt.c
vendor_redhat·2018-08-21·CVSS 7.5
CVE-2018-14598 [HIGH] CWE-20 libX11: Crash on invalid reply in XListExtensions in ListExt.c
libX11: Crash on invalid reply in XListExtensions in ListExt.c
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions() and XGetFontPath() functions to produce an invalid list of elements that in turn make XFreeExtensionsList() and XFreeFontPath() access invalid memory. An attacker who can either configure a malicious X server or modify the data coming from one, could use this flaw to crash the application using libX11, resulting in a denial of service.
Statement: This issue did
Debian
CVE-2018-14598: libx11 - An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5....
vendor_debian·2018·CVSS 7.5
CVE-2018-14598 [HIGH] CVE-2018-14598: libx11 - An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5....
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
Scope: local
bookworm: resolved (fixed in 2:1.6.6-1)
bullseye: resolved (fixed in 2:1.6.6-1)
forky: resolved (fixed in 2:1.6.6-1)
sid: resolved (fixed in 2:1.6.6-1)
trixie: resolved (fixed in 2:1.6.6-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c
bugzilla·2018-08-28·CVSS 7.5
CVE-2018-14598 [HIGH] CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c
An issue was discovered in ListExt.c:XListExtensions and GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
References:
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
Upstream Patch:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2
Discussion:
Created libX11 tracking bugs for this issue:
Affects: fedora-all [bug 1623239]
---
When a reply from a malicious server has the first element with an invalid lengt
Bugzilla
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c [fedora-all]
bugzilla·2018-08-28·CVSS 7.5
CVE-2018-14598 [HIGH] CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c [fedora-all]
CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppo
http://www.openwall.com/lists/oss-security/2018/08/21/6http://www.securityfocus.com/bid/105177http://www.securitytracker.com/id/1041543https://access.redhat.com/errata/RHSA-2019:2079https://bugzilla.suse.com/show_bug.cgi?id=1102073https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2https://lists.debian.org/debian-lts-announce/2018/08/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/https://lists.x.org/archives/xorg-announce/2018-August/002916.htmlhttps://security.gentoo.org/glsa/201811-01https://usn.ubuntu.com/3758-1/https://usn.ubuntu.com/3758-2/http://www.openwall.com/lists/oss-security/2018/08/21/6http://www.securityfocus.com/bid/105177http://www.securitytracker.com/id/1041543https://access.redhat.com/errata/RHSA-2019:2079https://bugzilla.suse.com/show_bug.cgi?id=1102073https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2https://lists.debian.org/debian-lts-announce/2018/08/msg00030.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/https://lists.x.org/archives/xorg-announce/2018-August/002916.htmlhttps://security.gentoo.org/glsa/201811-01https://usn.ubuntu.com/3758-1/https://usn.ubuntu.com/3758-2/
2018-08-24
Published