Vulnerability Details CVE-2020-14363
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363
- https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt
- https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
- https://lists.x.org/archives/xorg-announce/2020-August/003056.html
- https://usn.ubuntu.com/4487-2/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363
- https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt
- https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
- https://lists.x.org/archives/xorg-announce/2020-August/003056.html
- https://usn.ubuntu.com/4487-2/
Products affected by CVE-2020-14363
-
cpe:2.3:a:x.org:libx11:-
-
cpe:2.3:a:x.org:libx11:1.0.1
-
cpe:2.3:a:x.org:libx11:1.0.2
-
cpe:2.3:a:x.org:libx11:1.0.3
-
cpe:2.3:a:x.org:libx11:1.0.99.1
-
cpe:2.3:a:x.org:libx11:1.0.99.2
-
cpe:2.3:a:x.org:libx11:1.1
-
cpe:2.3:a:x.org:libx11:1.1.1
-
cpe:2.3:a:x.org:libx11:1.1.2
-
cpe:2.3:a:x.org:libx11:1.1.3
-
cpe:2.3:a:x.org:libx11:1.1.4
-
cpe:2.3:a:x.org:libx11:1.1.5
-
cpe:2.3:a:x.org:libx11:1.1.6
-
cpe:2.3:a:x.org:libx11:1.1.99.1
-
cpe:2.3:a:x.org:libx11:1.1.99.2
-
cpe:2.3:a:x.org:libx11:1.2
-
cpe:2.3:a:x.org:libx11:1.2.1
-
cpe:2.3:a:x.org:libx11:1.2.2
-
cpe:2.3:a:x.org:libx11:1.2.99.901
-
cpe:2.3:a:x.org:libx11:1.3
-
cpe:2.3:a:x.org:libx11:1.3.1
-
cpe:2.3:a:x.org:libx11:1.3.2
-
cpe:2.3:a:x.org:libx11:1.3.3
-
cpe:2.3:a:x.org:libx11:1.3.4
-
cpe:2.3:a:x.org:libx11:1.3.5
-
cpe:2.3:a:x.org:libx11:1.3.6
-
cpe:2.3:a:x.org:libx11:1.3.99.901
-
cpe:2.3:a:x.org:libx11:1.3.99.902
-
cpe:2.3:a:x.org:libx11:1.3.99.903
-
cpe:2.3:a:x.org:libx11:1.4.0
-
cpe:2.3:a:x.org:libx11:1.4.1
-
cpe:2.3:a:x.org:libx11:1.4.2
-
cpe:2.3:a:x.org:libx11:1.4.3
-
cpe:2.3:a:x.org:libx11:1.4.4
-
cpe:2.3:a:x.org:libx11:1.4.99.1
-
cpe:2.3:a:x.org:libx11:1.4.99.901
-
cpe:2.3:a:x.org:libx11:1.4.99.902
-
cpe:2.3:a:x.org:libx11:1.5.0
-
cpe:2.3:a:x.org:libx11:1.5.99.901
-
cpe:2.3:a:x.org:libx11:1.5.99.902
-
cpe:2.3:a:x.org:libx11:1.6.0
-
cpe:2.3:a:x.org:libx11:1.6.1
-
cpe:2.3:a:x.org:libx11:1.6.10
-
cpe:2.3:a:x.org:libx11:1.6.2
-
cpe:2.3:a:x.org:libx11:1.6.3
-
cpe:2.3:a:x.org:libx11:1.6.4
-
cpe:2.3:a:x.org:libx11:1.6.5
-
cpe:2.3:a:x.org:libx11:1.6.6
-
cpe:2.3:a:x.org:libx11:1.6.7
-
cpe:2.3:a:x.org:libx11:1.6.8
-
cpe:2.3:a:x.org:libx11:1.6.9
-
cpe:2.3:o:fedoraproject:fedora:33