ByteOS Network

NVD Vulnerability Details :

CVE-2020-14344

Modified

Source-secalert@redhat.com

Published At-05 Aug, 2020 | 14:15

Updated At-07 Nov, 2023 | 03:17

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

X.Org Foundation

>>libx11>>Versions before 1.6.10(exclusive)

cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>31

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Fedora Project

>>fedora>>32

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Fedora Project

>>fedora>>33

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Canonical Ltd.

>>ubuntu_linux>>14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Canonical Ltd.

>>ubuntu_linux>>16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Canonical Ltd.

>>ubuntu_linux>>18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Canonical Ltd.

>>ubuntu_linux>>20.04

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

openSUSE

>>leap>>15.1

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

openSUSE

>>leap>>15.2

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov
CWE-190	Secondary	secalert@redhat.com

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-190

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html	secalert@redhat.com	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html	secalert@redhat.com	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344	secalert@redhat.com	Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/	secalert@redhat.com	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/	secalert@redhat.com	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/	secalert@redhat.com	N/A
https://lists.x.org/archives/xorg-announce/2020-July/003050.html	secalert@redhat.com	Mailing List Patch Vendor Advisory
https://security.gentoo.org/glsa/202008-18	secalert@redhat.com	Third Party Advisory
https://usn.ubuntu.com/4487-1/	secalert@redhat.com	Third Party Advisory
https://usn.ubuntu.com/4487-2/	secalert@redhat.com	Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/07/31/1	secalert@redhat.com	Mailing List Patch Third Party Advisory