CVE-2020-14362

CWE-191CWE-190Integer Overflow10 documents8 sources
Severity
7.8HIGH
EPSS
0.2%
top 60.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
X.org X ServerCanonical Ubuntu LinuxRedhat Enterprise Linux
Timeline
PublishedSep 15
Latest updateMay 24

Description

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianxorg-server< 2:1.20.9-1+3
CVEListV5xorg-x11-serverbefore xorg-x11-server 1.20.9
NVDx.org/x_server< 1.20.9

Also affects: Ubuntu Linux 14.04, Enterprise Linux 6.0, 7.0, 8.0

Patches

Patch: lists.x.orgPatch: lists.x.org

🔴Vulnerability Details

3
GHSA
GHSA-wfwj-6wvw-xhcw: A flaw was found in X2022-05-24
OSV
CVE-2020-14362: A flaw was found in X2020-09-15
CVEList
CVE-2020-14362: A flaw was found in X2020-09-15

📋Vendor Advisories

4
Ubuntu
X.Org X Server vulnerabilities2020-09-09
Ubuntu
X.Org X Server vulnerabilities2020-09-02
Red Hat
xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability2020-08-25
Debian
CVE-2020-14362: xorg-server - A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer under...2020

💬Community

2
Bugzilla
CVE-2020-14362 xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability [fedora-all]2020-08-25
Bugzilla
CVE-2020-14362 xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability2020-08-17
CVE-2020-14362 (HIGH CVSS 7.8) | A flaw was found in X.Org Server be | cvebase.io