Vulnerability Details : CVE-2017-12186
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Vulnerability category: Input validationExecute code
Products affected by CVE-2017-12186
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12186
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-12186
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-12186
-
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
xorg/xserver - X server (mirrored from https://gitlab.freedesktop.org/xorg/xserver)Patch;Third Party Advisory
-
https://www.debian.org/security/2017/dsa-4000
Debian -- Security Information -- DSA-4000-1 xorg-serverThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1509216
1509216 – (CVE-2017-12186) CVE-2017-12186 xorg-x11-server: unvalidated lengths in X-Resource extensionExploit;Issue Tracking;Patch;Third Party Advisory;VDB Entry
Jump to