CVE-2020-14363

MEDIUM

Description

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to crash an application compiled with libX11 or, in some cases, to achieve arbitrary code execution. The highest threat from this flaw is to confidentiality and integrity, as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363

https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt

https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh

https://lists.fedoraproject.org/archives/list/[email protected]/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/

https://lists.x.org/archives/xorg-announce/2020-August/003056.html

https://usn.ubuntu.com/4487-2/

Details

Source: MITRE

Published: 2020-09-11

Updated: 2020-09-30

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 146168 | EulerOS 2.0 SP5 : libX11 (EulerOS-SA-2021-1210) | Nessus | Huawei Local Security Checks | medium |
| 145113 | EulerOS 2.0 SP3 : libX11 (EulerOS-SA-2021-1092) | Nessus | Huawei Local Security Checks | medium |
| 144993 | Amazon Linux AMI : libX11 (ALAS-2021-1462) | Nessus | Amazon Linux Local Security Checks | medium |
| 144719 | EulerOS Virtualization for ARM 64 3.0.2.0 : libX11 (EulerOS-SA-2021-1049) | Nessus | Huawei Local Security Checks | medium |
| 144461 | Amazon Linux AMI : libX11 (ALAS-2020-1463) (deprecated) | Nessus | Amazon Linux Local Security Checks | medium |
| 144428 | Virtuozzo 6 : libX11 / libX11-common / libX11-devel (VZLSA-2020-4946) | Nessus | Virtuozzo Local Security Checks | medium |
| 143713 | SUSE SLES12 Security Update : libX11 (SUSE-SU-2020:2475-2) | Nessus | SuSE Local Security Checks | medium |
| 143618 | SUSE SLES15 Security Update : libX11 (SUSE-SU-2020:2474-2) | Nessus | SuSE Local Security Checks | medium |
| 143582 | Amazon Linux 2 : libX11 (ALAS-2020-1567) | Nessus | Amazon Linux Local Security Checks | medium |
| 142648 | CentOS 6 : libX11 (CESA-2020:4946) | Nessus | CentOS Local Security Checks | medium |
| 142603 | CentOS 7 : libX11 (CESA-2020:4908) | Nessus | CentOS Local Security Checks | medium |
| 142563 | Scientific Linux Security Update : libX11 on SL7.x x86_64 (20201104) | Nessus | Scientific Linux Local Security Checks | medium |
| 142485 | Oracle Linux 6 : libX11 (ELSA-2020-4946) | Nessus | Oracle Linux Local Security Checks | medium |
| 142484 | Oracle Linux 7 : libX11 (ELSA-2020-4908) | Nessus | Oracle Linux Local Security Checks | medium |
| 142475 | RHEL 6 : libX11 (RHSA-2020:4946) | Nessus | Red Hat Local Security Checks | medium |
| 142454 | RHEL 7 : libX11 (RHSA-2020:4908) | Nessus | Red Hat Local Security Checks | medium |
| 142361 | EulerOS 2.0 SP2 : libX11 (EulerOS-SA-2020-2365) | Nessus | Huawei Local Security Checks | medium |
| 142177 | EulerOS 2.0 SP8 : libX11 (EulerOS-SA-2020-2313) | Nessus | Huawei Local Security Checks | medium |
| 141327 | EulerOS : libX11 (EulerOS-SA-2020-2177) | Nessus | Huawei Local Security Checks | medium |
| 141320 | EulerOS 2.0 SP9 : libX11 (EulerOS-SA-2020-2167) | Nessus | Huawei Local Security Checks | medium |
| 140507 | Fedora 31 : libX11 (2020-9a0b272cc1) | Nessus | Fedora Local Security Checks | medium |
| 140375 | openSUSE Security Update : libX11 (openSUSE-2020-1370) | Nessus | SuSE Local Security Checks | medium |
| 140373 | openSUSE Security Update : libX11 (openSUSE-2020-1368) | Nessus | SuSE Local Security Checks | medium |
| 140266 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : libx11 vulnerabilities (USN-4487-1) | Nessus | Ubuntu Local Security Checks | medium |
| 140260 | SUSE SLES12 Security Update : libX11 (SUSE-SU-2020:2475-1) | Nessus | SuSE Local Security Checks | medium |
| 140259 | SUSE SLED15 / SLES15 Security Update : libX11 (SUSE-SU-2020:2474-1) | Nessus | SuSE Local Security Checks | medium |
| 140134 | Debian DLA-2361-1 : libx11 security update | Nessus | Debian Local Security Checks | medium |
| 139937 | GLSA-202008-18 : X.Org X11 library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 139933 | Fedora 32 : libX11 (2020-eba554b9d5) | Nessus | Fedora Local Security Checks | medium |
| 139831 | FreeBSD : libX11 -- Doublefree in locale handlng code (8da79498-e6f6-11ea-8cbf-54e1ad3d6335) | Nessus | FreeBSD Local Security Checks | medium |