
CVE-2020-14344
Date: (C) 2020-08-06   (M) 2023-12-22


An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.7
Exploit Score: 0.8
Impact Score: 5.9

CVSS V2 Severity:
CVSS Score: 4.6
Exploit Score: 3.9
Impact Score: 6.4

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
FEDORA-2020-9a0b272cc1
FEDORA-2020-cf0afbd27e
FEDORA-2020-eba554b9d5
GLSA-202008-18
USN-4487-1
USN-4487-2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
https://www.openwall.com/lists/oss-security/2020/07/31/1
openSUSE-SU-2020:1162
openSUSE-SU-2020:1164
openSUSE-SU-2020:1182
openSUSE-SU-2020:1198

CPE    1
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
CWE    1
CWE-190
OVAL    17
oval:org.secpod.oval:def:67097
oval:org.secpod.oval:def:506151
oval:org.secpod.oval:def:118628
oval:org.secpod.oval:def:118686
...

© SecPod Technologies