CVE-2014-8095
xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
La extensión XInput en X.Org X Window System (también conocido como X11 o X) X11R4 y X.Org Server (también conocido como xserver y xorg-server) en versiones anteriores a 1.16.3 permite a usuarios remotos autenticados causar una denegación de servicio (lectura o escritura fuera de rango) o posiblemente ejecutar código arbitrario a través de un valor de longitud o índice manipulado a la función (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus o (27) SProcXIWarpPointer.
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2014-12-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
http://advisories.mageia.org/MGASA-2014-0532.html | X_refsource_confirm | |
http://secunia.com/advisories/61947 | Third Party Advisory | |
http://secunia.com/advisories/62292 | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/71599 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09 | 2023-02-13 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2014/dsa-3095 | 2023-02-13 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 | 2023-02-13 | |
https://security.gentoo.org/glsa/201504-06 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2014-8095 | 2014-12-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1168694 | 2014-12-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
X.org Search vendor "X.org" | X11 Search vendor "X.org" for product "X11" | 4.0 Search vendor "X.org" for product "X11" and version "4.0" | - |
Affected
| ||||||
X.org Search vendor "X.org" | Xorg-server Search vendor "X.org" for product "Xorg-server" | <= 1.16.2.99.901 Search vendor "X.org" for product "Xorg-server" and version " <= 1.16.2.99.901" | - |
Affected
|