Denial of Service Vulnerability in X.Org X Window System by X.Org Server
CVE-2014-8091

Currently unrated

Key Information:

Vendor

X.org

Status
Xorg-server
Vendor
CVE Published:
10 December 2014

What is CVE-2014-8091?

The X.Org X Window System, including the X.Org Server versions prior to 1.16.3, contains a flaw related to memory allocation. When employing SUN-DES-1 (Secure RPC) authentication credentials, the system fails to properly check the return value of a malloc operation. This oversight allows remote attackers to exploit the authentication mechanism by sending specially crafted connection requests, leading to a NULL pointer dereference, ultimately resulting in a denial of service condition where the server will crash.

References

http://www.debian.org/security/2014/dsa-3095
vendor-advisoryx_refsource_DEBIAN
http://www.x.org/wiki/Development/Security/Advisory-2014-...
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2...
x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.