Vulnerability Details : CVE-2020-14363
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2020-14363
- cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14363
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 6 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-14363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | Red Hat, Inc. | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2020-14363
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: secalert@redhat.com (Secondary)
References for CVE-2020-14363
- https://lists.x.org/archives/xorg-announce/2020-August/003056.html
  X.Org libX11 security advisory: August 25, 2020 (Vendor Advisory)
- https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh
  Exploits/x11doublefree.sh at master · Ruia-ruia/Exploits · GitHub (Exploit; Third Party Advisory)
- https://usn.ubuntu.com/4487-2/
  USN-4487-2: libx11 vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
  [SECURITY] Fedora 33 Update: libX11-1.6.12-1.fc33 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt
  Exploits/DFX11details.txt at master · Ruia-ruia/Exploits · GitHub (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363
  1872473 – (CVE-2020-14363) CVE-2020-14363 libX11: integer overflow leads to double free in locale handling (Issue Tracking; Third Party Advisory)