Vulnerability CVE-2019-17624: Information

Description

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-17624
Published: Oct. 16, 2019
Modified: Aug. 24, 2020
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
xorg-serversisyphus1.20.5-alt121.1.13-alt1ALT-PU-2019-1984-1231384Fixed
xorg-serversisyphus_riscv641.20.14-alt121.1.13-alt1ALT-PU-2021-4696-1-Fixed
xorg-serverp101.20.5-alt11.20.14-alt13ALT-PU-2019-1984-1231384Fixed
xorg-serverp91.20.5-alt21.20.8-alt12ALT-PU-2019-2671-1237324Fixed
xorg-serverc10f11.20.5-alt11.20.14-alt12ALT-PU-2019-1984-1231384Fixed
xorg-serverc9f21.20.5-alt21.20.8-alt12ALT-PU-2019-2671-1237324Fixed
xorg-serverp111.20.5-alt121.1.13-alt1ALT-PU-2019-1984-1231384Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.x.org/releases/individual/xserver/
  • Release Notes
  • Vendor Advisory
https://www.exploit-db.com/exploits/47507
  • Exploit
  • Third Party Advisory
  • VDB Entry
http://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
      End including
      1.20.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top