CVE-2020-14345Improper Restriction of Operations within the Bounds of a Memory Buffer in X Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 70.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
X.org Xorg-serverX.org X ServerTHE X.org Foundation Xorg-x11-server+1 more
Timeline
PublishedSep 15
Latest updateMay 24

Description

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5the_x.org_foundation/xorg-x11-serverbefore xorg-x11-server 1.20.9
Debianx.org/xorg-server< 2:1.20.9-1+3
NVDx.org/x_server< 1.20.9

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04

🔴Vulnerability Details

3
GHSA
GHSA-6xpw-chm5-x9v3: A flaw was found in X2022-05-24
OSV
CVE-2020-14345: A flaw was found in X2020-09-15
CVEList
CVE-2020-14345: A flaw was found in X2020-09-15

📋Vendor Advisories

4
Ubuntu
X.Org X Server vulnerabilities2020-09-09
Ubuntu
X.Org X Server vulnerability2020-09-08
Red Hat
xorg-x11-server: Out-of-bounds access in XkbSetNames function2020-08-25
Debian
CVE-2020-14345: xorg-server - A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds...2020

💬Community

3
Bugzilla
CVE-2020-14345 xorg-x11-server: Out-of-bounds access in XkbSetNames function [fedora-all]2020-08-25
Bugzilla
CVE-2020-14360 xorg-x11-server: Out-of-bounds access in XkbSetMap function2020-08-17
Bugzilla
CVE-2020-14345 xorg-x11-server: Out-of-bounds access in XkbSetNames function2020-07-30
CVE-2020-14345 — X.org X Server vulnerability | cvebase