DoS Vulnerability in libX11 Affecting Multiple Linux Distributions
CVE-2018-14598

7.5 HIGH

Key Information:

Vendor: X.org

CVE Published: 24 August 2018

What is CVE-2018-14598?

A vulnerability in the XListExtensions function in libX11 can be exploited by a malicious server that sends a crafted reply, resulting in a string overflow. The overflow may lead to a variable being set to NULL; when that variable is later accessed, the application hits a segmentation fault. The result is a Denial of Service (DoS): the affected application crashes. The issue affects libX11 version 1.6.5 and earlier, and has prompted updates across various Linux distributions.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
