CVE-2018-14600
libX11: Out of Bounds write in XListExtensions in ListExt.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
Se ha descubierto un problema en libX11 hasta su versión 1.6.5. La función XListExtensions en ListExt.c interpreta una variable como firmada en lugar de no firmada, lo que resulta en una escritura fuera de límites (de hasta 128 bytes), lo que conduce a una denegación de servicio (DoS) o a la ejecución remota de código.
An out of bounds write, limited to NULL bytes, was discovered in libX11 in functions XListExtensions() and XGetFontPath(). The length field is considered as a signed value, which makes the library access memory before the intended buffer. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-26 CVE Reserved
- 2018-08-21 CVE Published
- 2024-08-03 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/08/21/6 | Mailing List |
|
| http://www.securityfocus.com/bid/105177 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041543 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html | Mailing List |
|
| https://lists.x.org/archives/xorg-announce/2018-August/002916.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1102068 | 2019-08-06 | |
| https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea | 2019-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2079 | 2019-08-06 | |
| https://security.gentoo.org/glsa/201811-01 | 2019-08-06 | |
| https://usn.ubuntu.com/3758-1 | 2019-08-06 | |
| https://usn.ubuntu.com/3758-2 | 2019-08-06 | |
| https://access.redhat.com/security/cve/CVE-2018-14600 | 2019-08-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1623242 | 2019-08-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| X.org Search vendor "X.org" | Libx11 Search vendor "X.org" for product "Libx11" | <= 1.6.5 Search vendor "X.org" for product "Libx11" and version " <= 1.6.5" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||