Vulnerability Description
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X.Org | X Server | < 1.20.9 |
| Canonical | Ubuntu Linux | 14.04 |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246Issue TrackingThird Party Advisory
- https://lists.x.org/archives/xorg-announce/2020-August/003058.htmlMailing ListPatchVendor Advisory
- https://security.gentoo.org/glsa/202012-01Third Party Advisory
- https://usn.ubuntu.com/4488-2/Third Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1862246Issue TrackingThird Party Advisory
- https://lists.x.org/archives/xorg-announce/2020-August/003058.htmlMailing ListPatchVendor Advisory
- https://security.gentoo.org/glsa/202012-01Third Party Advisory
- https://usn.ubuntu.com/4488-2/Third Party Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1417/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-14346?
CVE-2020-14346 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat f...
How severe is CVE-2020-14346?
CVE-2020-14346 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14346?
Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Server, Canonical Ubuntu Linux, Redhat Enterprise Linux.