CVE-2018-14600: Out-of-bounds Write in libX11

CWE-787: Out-of-bounds Write
11 documents, 8 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 11.0% (top 6.55%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 24
Latest update: May 14

Description

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Debian: x.org/libx11 < 2:1.6.6-1+3
NVD: x.org/libx11 1.6.5

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

🔴 Vulnerability Details (4)

GHSA: GHSA-8j8v-r4qq-96r9: An issue was discovered in libX11 through 1 (2022-05-14)
OSV: libx11 vulnerabilities (2018-08-30)
OSV: CVE-2018-14600: An issue was discovered in libX11 through 1 (2018-08-24)
CVEList: CVE-2018-14600: An issue was discovered in libX11 through 1 (2018-08-24)

📋 Vendor Advisories (4)

Ubuntu: libx11 vulnerabilities (2018-08-30)
Ubuntu: libx11 vulnerabilities (2018-08-30)
Red Hat: libX11: Out of Bounds write in XListExtensions in ListExt.c (2018-08-21)
Debian: CVE-2018-14600: libx11 - An issue was discovered in libX11 through 1.6.5. The function XListExtensions in... (2018)

💬 Community (2)

Bugzilla: CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c (2018-08-28)
Bugzilla: CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c [fedora-all] (2018-08-28)