CVE-2024-21886: Heap-based Buffer Overflow in Xorg-server

Severity: 7.8 HIGH (NVD)
EPSS: 0.3% (top 50.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28; Latest update Mar 13

Description

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian x.org/xorg-server < 2:1.20.11-1+deb11u11+3
Debian x.org/xwayland < 2:23.2.4-1+1

🔴 Vulnerability Details (3)

OSV: CVE-2024-21886: A heap buffer overflow flaw was found in the DisableDevice function in the X... (2024-02-28)
CVEList: Xorg-x11-server: heap buffer overflow in disabledevice (2024-02-28)
GHSA: GHSA-vx3h-cj8w-2h2c: A heap buffer overflow flaw was found in the DisableDevice function in the X... (2024-02-28)

📋 Vendor Advisories (8)

Ubuntu: X.Org X Server vulnerabilities (2024-03-13)
Microsoft: Xorg-x11-server: heap buffer overflow in disabledevice (2024-02-13)
Ubuntu: X.Org X Server vulnerabilities (2024-01-22)
Red Hat: xorg-x11-server: heap buffer overflow in DisableDevice (2024-01-16)
BSD: OpenBSD 7.3 Errata 025: SECURITY FIX (2024-01-16)