CVE-2020-14363 — HIGH (7.8)

Q: How severe is CVE-2020-14363?

CVE-2020-14363 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14363?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Libx11, Fedoraproject Fedora.

Vulnerability Description

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
X.Org	Libx11	< 1.6.12
Fedoraproject	Fedora	33

Related Weaknesses (CWE)

CWE-190 CWE-416

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363Issue TrackingThird Party Advisory
https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txtThird Party Advisory
https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.shExploitThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.x.org/archives/xorg-announce/2020-August/003056.htmlVendor Advisory
https://usn.ubuntu.com/4487-2/Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363Issue TrackingThird Party Advisory
https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txtThird Party Advisory
https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.shExploitThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.x.org/archives/xorg-announce/2020-August/003056.htmlVendor Advisory
https://usn.ubuntu.com/4487-2/Third Party Advisory

FAQ

What is CVE-2020-14363?

CVE-2020-14363 is a vulnerability with a CVSS score of 7.8 (HIGH). An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, re...

How severe is CVE-2020-14363?

CVE-2020-14363 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14363?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org Libx11, Fedoraproject Fedora.