X-Resource Extension Vulnerability in xorg-x11-server by X.Org
CVE-2017-12186

9.8CRITICAL

Key Information:

Vendor

The X.org Foundation

Status
Xorg-x11-server
Vendor
CVE Published:
10 October 2017

What is CVE-2017-12186?

The xorg-x11-server, prior to version 1.19.5, has a vulnerability in the X-Resource extension due to the absence of length validation. This flaw allows a malicious X client to exploit the server, potentially leading to crashes or arbitrary code execution. Proper validation mechanisms are crucial in preventing such security risks and maintaining server stability. For more details, refer to security advisories provided by Debian and Red Hat.

Affected Version(s)

xorg-x11-server before 1.19.5

References

https://www.debian.org/security/2017/dsa-4000
vendor-advisoryx_refsource_DEBIAN
https://bugzilla.redhat.com/show_bug.cgi?id=1509216
x_refsource_CONFIRM
https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.