Vulnerability Details : CVE-2020-14346
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Exploit prediction scoring system (EPSS) score for CVE-2020-14346
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-14346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2020-14346
-
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2020-14346
-
https://usn.ubuntu.com/4488-2/
USN-4488-2: X.Org X Server vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1862246
1862246 – (CVE-2020-14346) CVE-2020-14346 xorg-x11-server: Integer underflow in the X input extension protocolIssue Tracking;Third Party Advisory
-
https://lists.x.org/archives/xorg-announce/2020-August/003058.html
X.Org server security advisory: August 25, 2020Mailing List;Patch;Vendor Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-20-1417/
Third Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/202012-01
Third Party Advisory
Products affected by CVE-2020-14346
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*