CVE-2020-14344
published 2020-08-05CVE-2020-14344: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per…
PriorityP428medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.46%
36.9th percentile
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libx11 | < libx11 2:1.6.10-1 (bookworm) | libx11 2:1.6.10-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| the_x11_project | libx11 | — | — |
| x.org | libx11 | < 1.6.10 | 1.6.10 |
| x.org | libx11 | >= 0 < 2:1.6.10-1 | 2:1.6.10-1 |
| x.org | libx11 | >= 0 < 2:1.6.10-1 | 2:1.6.10-1 |
| x.org | libx11 | >= 0 < 2:1.6.10-1 | 2:1.6.10-1 |
| x.org | libx11 | >= 0 < 2:1.6.10-1 | 2:1.6.10-1 |
| x.org | libx11 | >= 0 < 2:1.6.3-1ubuntu2.2 | 2:1.6.3-1ubuntu2.2 |
| x.org | libx11 | >= 0 < 2:1.6.4-3ubuntu0.3 | 2:1.6.4-3ubuntu0.3 |
| x.org | libx11 | >= 0 < 2:1.6.9-2ubuntu1.1 | 2:1.6.9-2ubuntu1.1 |
| x.org | libx11 | >= 0 < 2:1.6.2-1ubuntu2.1+esm1 | 2:1.6.2-1ubuntu2.1+esm1 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv6.7MEDIUM
vendor_debian6.7MEDIUM
vendor_redhat6.7MEDIUM
vendor_ubuntu6.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
libx11 vulnerabilities
vendor_ubuntu·2020-09-08·CVSS 6.7
CVE-2020-14344 [MEDIUM] libx11 vulnerabilities
Title: libx11 vulnerabilities
Summary: Several security issues were fixed in libx11.
USN-4487-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
Todd Carson discovered that libx11 incorrectly handled certain memory
operations. A local attacker could possibly use this issue to escalate
privileges. (CVE-2020-14344)
Jayden Rivers discovered that libx11 incorrectly handled locales. A local
attacker could possibly use this issue to escalate privileges.
(CVE-2020-14363)
Instructions: After a standard system update you need to reboot your computer to make all
the necessary changes.
Ubuntu
libx11 vulnerabilities
vendor_ubuntu·2020-09-02·CVSS 6.7
CVE-2020-14363 [MEDIUM] libx11 vulnerabilities
Title: libx11 vulnerabilities
Summary: Several security issues were fixed in libx11.
Todd Carson discovered that libx11 incorrectly handled certain memory
operations. A local attacker could possibly use this issue to escalate
privileges. (CVE-2020-14344)
Jayden Rivers discovered that libx11 incorrectly handled locales. A local
attacker could possibly use this issue to escalate privileges.
(CVE-2020-14363)
Instructions: After a standard system update you need to reboot your computer to make all
the necessary changes.
Red Hat
libX11: Heap overflow in the X input method client
vendor_redhat·2020-07-31·CVSS 6.7
CVE-2020-14344 [MEDIUM] CWE-190 libX11: Heap overflow in the X input method client
libX11: Heap overflow in the X input method client
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability.
Package: libX11 (Red Hat Enterprise Linux 5) - Out of support scope
Package: libX11 (Red Hat Enterprise Linux 6) -
Debian
CVE-2020-14344: libx11 - An integer overflow leading to a heap-buffer overflow was found in The X Input M...
vendor_debian·2020·CVSS 6.7
CVE-2020-14344 [MEDIUM] CVE-2020-14344: libx11 - An integer overflow leading to a heap-buffer overflow was found in The X Input M...
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
Scope: local
bookworm: resolved (fixed in 2:1.6.10-1)
bullseye: resolved (fixed in 2:1.6.10-1)
forky: resolved (fixed in 2:1.6.10-1)
sid: resolved (fixed in 2:1.6.10-1)
trixie: resolved (fixed in 2:1.6.10-1)
GHSA
GHSA-g6cq-58wq-v493: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1
ghsa_unreviewed·2022-05-24
CVE-2020-14344 [MEDIUM] CWE-190 GHSA-g6cq-58wq-v493: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
OSV
libx11 vulnerabilities
osv·2020-09-08·CVSS 6.7
CVE-2020-14344 [MEDIUM] libx11 vulnerabilities
libx11 vulnerabilities
USN-4487-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
Todd Carson discovered that libx11 incorrectly handled certain memory
operations. A local attacker could possibly use this issue to escalate
privileges. (CVE-2020-14344)
Jayden Rivers discovered that libx11 incorrectly handled locales. A local
attacker could possibly use this issue to escalate privileges.
(CVE-2020-14363)
OSV
libx11 vulnerabilities
osv·2020-09-02·CVSS 6.7
CVE-2020-14344 [MEDIUM] libx11 vulnerabilities
libx11 vulnerabilities
Todd Carson discovered that libx11 incorrectly handled certain memory
operations. A local attacker could possibly use this issue to escalate
privileges. (CVE-2020-14344)
Jayden Rivers discovered that libx11 incorrectly handled locales. A local
attacker could possibly use this issue to escalate privileges.
(CVE-2020-14363)
OSV
CVE-2020-14344: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1
osv·2020-08-05·CVSS 6.7
CVE-2020-14344 [MEDIUM] CVE-2020-14344: An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
No detection rules found.
No public exploits indexed.
arXiv
Streamlining Attack Tree Generation: A Fragment-Based Approach
arxiv_fulltext·2023-10-01
Streamlining Attack Tree Generation: A Fragment-Based Approach
AttackGraph
basicstyle= ,
keywords=AttackTarget, AttackStep,
keywordstyle=blue ,
ndkeywords=OR, CPE, CWE, cweNotes, BaseScore, ImpactScore, ExploitabilityScore, epss, description, CVE, CVSS, SAND ,
ndkeywordstyle=darkgray ,
alsoletter=CVE-, CVSS:, CWE-
identifierstyle=black,
sensitive=false,
comment=[l]//,
morecomment=[s]/**/,
commentstyle=purple ,
stringstyle=red ,
morestring=[b]',
morestring=[b]",
tabsize=2
AttackGrammar
basicstyle= ,
keywords=AttackTreeElement, AttackTarget, AttackStep, Model, AttackTreeModel, SubTree, Gate, AttackTreeSubElements, AttackTree, Synonyms, CVSSVECTORList, ScoreList,
keywordstyle=blue ,
ndkeywords=cwe, name, cpe, synonyms, cvss, note, baseScore, impactScore, exploitabilityScore, epss, attackTree, trigger, primary, numberOfDisrubtions, description, gate, pro
Bugzilla
CVE-2020-14344 xorg-x11-server: libX11: Heap overflow in the X input method client [fedora-all]
bugzilla·2020-07-31·CVSS 6.7
CVE-2020-14344 [MEDIUM] CVE-2020-14344 xorg-x11-server: libX11: Heap overflow in the X input method client [fedora-all]
CVE-2020-14344 xorg-x11-server: libX11: Heap overflow in the X input method client [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2020-14344 libX11: Heap overflow in the X input method client [fedora-all]
bugzilla·2020-07-31·CVSS 6.7
CVE-2020-14344 [MEDIUM] CVE-2020-14344 libX11: Heap overflow in the X input method client [fedora-all]
CVE-2020-14344 libX11: Heap overflow in the X input method client [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported version
Bugzilla
CVE-2020-14344 libX11: Heap overflow in the X input method client
bugzilla·2020-07-30·CVSS 6.7
CVE-2020-14344 [MEDIUM] CVE-2020-14344 libX11: Heap overflow in the X input method client
CVE-2020-14344 libX11: Heap overflow in the X input method client
The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method.
Discussion:
This bug is in libX11, not xorg-x11-server.
---
Acknowledgments:
Name: X.org project
Upstream: Todd Carson
---
Public via:
https://www.openwall.com/lists/oss-security/2020/07/31/1
---
Created libX11 tracking bugs for this issue:
Affects: fedora-all [bug 1862519]
Created xorg-x11-server tracking bugs for this issue:
Affects: fedora-all [bug 1862518]
---
External References:
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
---
Upstream patches:
https://gitlab.freedesktop.o
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/https://lists.x.org/archives/xorg-announce/2020-July/003050.htmlhttps://security.gentoo.org/glsa/202008-18https://usn.ubuntu.com/4487-1/https://usn.ubuntu.com/4487-2/https://www.openwall.com/lists/oss-security/2020/07/31/1http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/https://lists.x.org/archives/xorg-announce/2020-July/003050.htmlhttps://security.gentoo.org/glsa/202008-18https://usn.ubuntu.com/4487-1/https://usn.ubuntu.com/4487-2/https://www.openwall.com/lists/oss-security/2020/07/31/1
2020-08-05
Published