An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. According to upstream, this is security-relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344
https://lists.x.org/archives/xorg-announce/2020-July/003050.html
https://security.gentoo.org/glsa/202008-18
https://usn.ubuntu.com/4487-1/
Source: MITRE
Published: 2020-08-05
Updated: 2020-12-04
Type: CWE-190
CVSS v2
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3.1
Base Score: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.8
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
147124 | EulerOS Virtualization 3.0.6.6 : libX11 (EulerOS-SA-2021-1494) | Nessus | Huawei Local Security Checks | medium |
147073 | EulerOS Virtualization for ARM 64 3.0.6.0 : libX11 (EulerOS-SA-2021-1556) | Nessus | Huawei Local Security Checks | medium |
146664 | EulerOS 2.0 SP2 : libX11 (EulerOS-SA-2021-1323) | Nessus | Huawei Local Security Checks | medium |
146168 | EulerOS 2.0 SP5 : libX11 (EulerOS-SA-2021-1210) | Nessus | Huawei Local Security Checks | medium |
145113 | EulerOS 2.0 SP3 : libX11 (EulerOS-SA-2021-1092) | Nessus | Huawei Local Security Checks | medium |
144719 | EulerOS Virtualization for ARM 64 3.0.2.0 : libX11 (EulerOS-SA-2021-1049) | Nessus | Huawei Local Security Checks | medium |
142177 | EulerOS 2.0 SP8 : libX11 (EulerOS-SA-2020-2313) | Nessus | Huawei Local Security Checks | medium |
141327 | EulerOS : libX11 (EulerOS-SA-2020-2177) | Nessus | Huawei Local Security Checks | medium |
141320 | EulerOS 2.0 SP9 : libX11 (EulerOS-SA-2020-2167) | Nessus | Huawei Local Security Checks | medium |
140507 | Fedora 31 : libX11 (2020-9a0b272cc1) | Nessus | Fedora Local Security Checks | medium |
140266 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : libx11 vulnerabilities (USN-4487-1) | Nessus | Ubuntu Local Security Checks | medium |
139937 | GLSA-202008-18 : X.Org X11 library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
139933 | Fedora 32 : libX11 (2020-eba554b9d5) | Nessus | Fedora Local Security Checks | medium |
139644 | openSUSE Security Update : libX11 (openSUSE-2020-1198) | Nessus | SuSE Local Security Checks | medium |
139559 | openSUSE Security Update : libX11 (openSUSE-2020-1182) | Nessus | SuSE Local Security Checks | medium |
139534 | SUSE SLED15 / SLES15 Security Update : libX11 (SUSE-SU-2020:2197-1) | Nessus | SuSE Local Security Checks | medium |
139533 | SUSE SLES12 Security Update : libX11 (SUSE-SU-2020:2196-1) | Nessus | SuSE Local Security Checks | medium |
139447 | openSUSE Security Update : libX11 (openSUSE-2020-1164) | Nessus | SuSE Local Security Checks | medium |
139446 | openSUSE Security Update : libX11 (openSUSE-2020-1162) | Nessus | SuSE Local Security Checks | medium |
139359 | SUSE SLES12 Security Update : libX11 (SUSE-SU-2020:2117-1) | Nessus | SuSE Local Security Checks | medium |
139358 | SUSE SLED15 / SLES15 Security Update : libX11 (SUSE-SU-2020:2116-1) | Nessus | SuSE Local Security Checks | medium |
139340 | Debian DLA-2312-1 : libx11 security update | Nessus | Debian Local Security Checks | medium |
139267 | FreeBSD : libX11 -- Heap corruption in the X input method client in libX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0) | Nessus | FreeBSD Local Security Checks | medium |