CVE-2020-14344 — MEDIUM (6.7)

Q: How severe is CVE-2020-14344?

CVE-2020-14344 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14344?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Libx11, Fedoraproject Fedora, Canonical Ubuntu Linux, Opensuse Leap.

Vulnerability Description

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
X.Org	Libx11	< 1.6.10
Fedoraproject	Fedora	31
Canonical	Ubuntu Linux	12.04
Opensuse	Leap	15.1

Related Weaknesses (CWE)

CWE-190

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.htmlMailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344Issue TrackingPatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.x.org/archives/xorg-announce/2020-July/003050.htmlMailing ListPatchVendor Advisory
https://security.gentoo.org/glsa/202008-18Third Party Advisory
https://usn.ubuntu.com/4487-1/Third Party Advisory
https://usn.ubuntu.com/4487-2/Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/07/31/1Mailing ListPatchThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2020-14344?

CVE-2020-14344 is a vulnerability with a CVSS score of 6.7 (MEDIUM). An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setui...

How severe is CVE-2020-14344?

CVE-2020-14344 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14344?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Libx11, Fedoraproject Fedora, Canonical Ubuntu Linux, Opensuse Leap.