CVE-2022-3550

CWE-119 — Buffer Overflow CWE-120 — Classic Buffer Overflow7 documents7 sources

Severity

8.8HIGH

EPSS

0.4%

top 38.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org X Server X.org Server Debian Debian Linux +1 more

Timeline

PublishedOct 17

Latest updateNov 23

Description

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages4 packages

▶NVDx.org/x_server< 21.1.6

▶Debianxorg-server< 2:1.20.11-1+deb11u3+3

▶CVEListV5x.org/servern/a

▶Debianxwayland< 2:22.1.5-1+2

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

CVEList

X.org Server xkb.c _GetCountedString buffer overflow↗2022-10-17

▶

GHSA

GHSA-h54w-qqq6-jp69: A vulnerability classified as critical was found in X↗2022-10-17

▶

OSV

CVE-2022-3550: A vulnerability classified as critical was found in X↗2022-10-17

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2022-11-23

▶

Red Hat

xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c↗2022-10-17

▶

Debian

CVE-2022-3550: xorg-server - A vulnerability classified as critical was found in X.org Server. Affected by th...↗2022

▶