CVE-2021-31535Classic Buffer Overflow in Libx11

CWE-120Classic Buffer OverflowCWE-20Improper Input ValidationCWE-77Command Injection8 documents7 sources
Severity
9.8CRITICALNVD
EPSS
2.1%
top 16.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
X.org Libx11X.org X Window SystemFedoraproject Fedora
Timeline
PublishedMay 27
Latest updateMay 24

Description

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protoco

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDx.org/libx11< 1.7.1
Debianx.org/libx11< 2:1.7.1-1+3

Also affects: Fedora 33

🔴Vulnerability Details

3
GHSA
GHSA-3vp2-rf63-rc8p: LookupCol2022-05-24
CVEList
CVE-2021-31535: LookupCol2021-05-27
OSV
CVE-2021-31535: LookupCol2021-05-27

📋Vendor Advisories

4
Ubuntu
libx11 vulnerability2021-05-25
Ubuntu
libx11 vulnerability2021-05-25
Red Hat
libX11: missing request length checks2021-05-18
Debian
CVE-2021-31535: libx11 - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remot...2021
CVE-2021-31535 — Classic Buffer Overflow in Libx11 | cvebase