WID-SEC-W-2024-0778
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2024-06-05 22:00
Summary
X.Org X Server und Xming: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das X Window System dient der Erzeugung grafischer Oberflächen auf Unix Systemen. Xming ist ein X-Server für Windows mit grafischem Interface.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im X.Org X Server und in Xming ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- Linux - MacOS X - UNIX - Windows



{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das X Window System dient der Erzeugung grafischer Oberfl\u00e4chen auf Unix Systemen.\r\nXming ist ein X-Server f\u00fcr Windows mit grafischem Interface.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im X.Org X Server und in Xming ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0778 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0778.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0778 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0778"
      },
      {
        "category": "external",
        "summary": "X.Org Security Advisory vom 2024-04-03",
        "url": "https://seclists.org/oss-sec/2024/q2/22"
      },
      {
        "category": "external",
        "summary": "Xming Changes vom 2024-04-03",
        "url": "http://www.straightrunning.com/XmingNotes/changes.php"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory vom 2024-04-03",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-852d7faa63"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory vom 2024-04-03",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-a1d440af5c"
      },
      {
        "category": "external",
        "summary": "[ANNOUNCE] xorg-server 21.1.12",
        "url": "https://lists.x.org/archives/xorg-announce/2024-April/003499.html"
      },
      {
        "category": "external",
        "summary": "X.Org Security Advisory",
        "url": "https://lists.x.org/archives/xorg-announce/2024-April/003497.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-DD905788C4 vom 2024-04-04",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-dd905788c4"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-77FD3B2F2A vom 2024-04-04",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-77fd3b2f2a"
      },
      {
        "category": "external",
        "summary": "OpenBSD Errata 7.3 vom 2024-04-04",
        "url": "https://www.openbsd.org/errata73.html"
      },
      {
        "category": "external",
        "summary": "OpenBSD Errata 7.4 vom 2024-04-04",
        "url": "https://www.openbsd.org/errata74.html"
      },
      {
        "category": "external",
        "summary": "OpenBSD Errata 7.5 vom 2024-04-04",
        "url": "https://www.openbsd.org/errata75.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6721-1 vom 2024-04-04",
        "url": "https://ubuntu.com/security/notices/USN-6721-1"
      },
      {
        "category": "external",
        "summary": "OpenBSD 7.4 Errata",
        "url": "https://www.openbsd.org/errata74.html"
      },
      {
        "category": "external",
        "summary": "OpenBSD 7.3 Errata",
        "url": "https://www.openbsd.org/errata73.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-01A9916E9E vom 2024-04-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-01a9916e9e"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-1706127797 vom 2024-04-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1706127797"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-5AF98298C7 vom 2024-04-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5af98298c7"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6721-2 vom 2024-04-09",
        "url": "https://www.cybersecurity-help.cz/vdb/SB2024041011"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1199-1 vom 2024-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018317.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1785 vom 2024-04-12",
        "url": "https://linux.oracle.com/errata/ELSA-2024-1785.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1785 vom 2024-04-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:1785"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1264-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018340.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1265-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018339.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1260-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018344.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5657 vom 2024-04-12",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00065.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1261-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018343.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1262-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018342.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1263-1 vom 2024-04-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018341.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3787 vom 2024-04-15",
        "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1928 vom 2024-04-16",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1928.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-1927 vom 2024-04-16",
        "url": "https://alas.aws.amazon.com/ALAS-2024-1927.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2510 vom 2024-04-18",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2510.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2036 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2036"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2041 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2041"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2042 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2042"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2040 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2040"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2039 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2039"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2037 vom 2024-04-25",
        "url": "http://linux.oracle.com/errata/ELSA-2024-2037.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2038 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2038"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2037 vom 2024-04-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:2037"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2080 vom 2024-04-29",
        "url": "http://access.redhat.com/errata/RHSA-2024:2080"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2080 vom 2024-04-30",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2080.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2616 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2616"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:2037 vom 2024-05-06",
        "url": "https://errata.build.resf.org/RLSA-2024:2037"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2616 vom 2024-05-07",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2616.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3258 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:3258"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3261 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:3261"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3343 vom 2024-05-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:3343"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3343 vom 2024-05-30",
        "url": "http://linux.oracle.com/errata/ELSA-2024-3343.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3261 vom 2024-05-30",
        "url": "http://linux.oracle.com/errata/ELSA-2024-3261.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3258 vom 2024-05-30",
        "url": "http://linux.oracle.com/errata/ELSA-2024-3258.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2024:1785 vom 2024-06-06",
        "url": "https://lwn.net/Articles/973024"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2024:2080 vom 2024-06-06",
        "url": "https://lwn.net/Articles/973023"
      }
    ],
    "source_lang": "en-US",
    "title": "X.Org X Server und Xming: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-05T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-06T08:36:38.051+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0778",
      "initial_release_date": "2024-04-03T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-03T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-04-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-07T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-04-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-04-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2024-04-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und Debian aufgenommen"
        },
        {
          "date": "2024-04-15T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-04-24T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-06T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-23T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-06-05T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von CentOS aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c21.1.12",
                "product": {
                  "name": "Open Source X.Org X11 \u003c21.1.12",
                  "product_id": "T033892",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:x:x.org_x11:21.1.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "X.Org X11"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.7.1.2",
                "product": {
                  "name": "Open Source Xming \u003c7.7.1.2",
                  "product_id": "T033891",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xming:7.7.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Xming"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "OpenBSD OpenBSD 7.3",
                  "product_id": "T027887",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openbsd:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "OpenBSD OpenBSD 7.3",
                  "product_id": "T030010",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openbsd:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4",
                "product": {
                  "name": "OpenBSD OpenBSD 7.4",
                  "product_id": "T030792",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openbsd:7.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.4",
                "product": {
                  "name": "OpenBSD OpenBSD 7.4",
                  "product_id": "T033213",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openbsd:7.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "OpenBSD OpenBSD 7.5",
                  "product_id": "T033898",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openbsd:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenBSD"
          }
        ],
        "category": "vendor",
        "name": "OpenBSD"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31080",
      "notes": [
        {
          "category": "description",
          "text": "Im X.Org X-Server und in Xming gibt es mehrere Schwachstellen. Diese sind auf ein Byte-Swapping-Problem bei der Berechnung der L\u00e4nge der zur\u00fcckzusendenden Daten zur\u00fcckzuf\u00fchren. Wenn die L\u00e4nge der zur\u00fcckzusendenden Daten gr\u00f6\u00dfer ist als die tats\u00e4chlich zur\u00fcckzusendende Datenmenge, werden zus\u00e4tzliche Speicherinhalte gesendet oder es tritt ein Segmentierungsfehler auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen mit speziell gestalteten Anfragen ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033898",
          "T033213",
          "67646",
          "T004914",
          "T032255",
          "74185",
          "T030792",
          "T030010",
          "2951",
          "T002207",
          "T000126",
          "T027887",
          "398363",
          "1727"
        ]
      },
      "release_date": "2024-04-03T22:00:00Z",
      "title": "CVE-2024-31080"
    },
    {
      "cve": "CVE-2024-31081",
      "notes": [
        {
          "category": "description",
          "text": "Im X.Org X-Server und in Xming gibt es mehrere Schwachstellen. Diese sind auf ein Byte-Swapping-Problem bei der Berechnung der L\u00e4nge der zur\u00fcckzusendenden Daten zur\u00fcckzuf\u00fchren. Wenn die L\u00e4nge der zur\u00fcckzusendenden Daten gr\u00f6\u00dfer ist als die tats\u00e4chlich zur\u00fcckzusendende Datenmenge, werden zus\u00e4tzliche Speicherinhalte gesendet oder es tritt ein Segmentierungsfehler auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen mit speziell gestalteten Anfragen ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033898",
          "T033213",
          "67646",
          "T004914",
          "T032255",
          "74185",
          "T030792",
          "T030010",
          "2951",
          "T002207",
          "T000126",
          "T027887",
          "398363",
          "1727"
        ]
      },
      "release_date": "2024-04-03T22:00:00Z",
      "title": "CVE-2024-31081"
    },
    {
      "cve": "CVE-2024-31082",
      "notes": [
        {
          "category": "description",
          "text": "Im X.Org X-Server und in Xming gibt es mehrere Schwachstellen. Diese sind auf ein Byte-Swapping-Problem bei der Berechnung der L\u00e4nge der zur\u00fcckzusendenden Daten zur\u00fcckzuf\u00fchren. Wenn die L\u00e4nge der zur\u00fcckzusendenden Daten gr\u00f6\u00dfer ist als die tats\u00e4chlich zur\u00fcckzusendende Datenmenge, werden zus\u00e4tzliche Speicherinhalte gesendet oder es tritt ein Segmentierungsfehler auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen mit speziell gestalteten Anfragen ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033898",
          "T033213",
          "67646",
          "T004914",
          "T032255",
          "74185",
          "T030792",
          "T030010",
          "2951",
          "T002207",
          "T000126",
          "T027887",
          "398363",
          "1727"
        ]
      },
      "release_date": "2024-04-03T22:00:00Z",
      "title": "CVE-2024-31082"
    },
    {
      "cve": "CVE-2024-31083",
      "notes": [
        {
          "category": "description",
          "text": "Im X.Org X-Server und in Xming gibt es mehrere Schwachstellen. Diese sind auf ein Byte-Swapping-Problem bei der Berechnung der L\u00e4nge der zur\u00fcckzusendenden Daten zur\u00fcckzuf\u00fchren. Wenn die L\u00e4nge der zur\u00fcckzusendenden Daten gr\u00f6\u00dfer ist als die tats\u00e4chlich zur\u00fcckzusendende Datenmenge, werden zus\u00e4tzliche Speicherinhalte gesendet oder es tritt ein Segmentierungsfehler auf. Ein entfernter, anonymer Angreifer kann diese Schwachstellen mit speziell gestalteten Anfragen ausnutzen, um vertrauliche Informationen offenzulegen und potenziell einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033898",
          "T033213",
          "67646",
          "T004914",
          "T032255",
          "74185",
          "T030792",
          "T030010",
          "2951",
          "T002207",
          "T000126",
          "T027887",
          "398363",
          "1727"
        ]
      },
      "release_date": "2024-04-03T22:00:00Z",
      "title": "CVE-2024-31083"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.