NVD Vulnerability Detail

CVE-2017-10971

Summary	In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
Publication Date	July 6, 2017, 8:29 p.m.
Registration Date	Jan. 26, 2021, 1:12 p.m.
Last Update	Nov. 21, 2024, 12:06 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:x.org:xorg-server::::::::			1.19.3

Related information, measures and tools

No	URL	タグ
1	http://www.debian.org/security/2017/dsa-3905
2	http://www.debian.org/security/2017/dsa-3905
3	http://www.securityfocus.com/bid/99546	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/99546	Third Party Advisory VDB Entry
5	https://bugzilla.suse.com/show_bug.cgi?id=1035283	Issue Tracking Third Party Advisory
6	https://bugzilla.suse.com/show_bug.cgi?id=1035283	Issue Tracking Third Party Advisory
7	https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c	Mailing List Third Party Advisory
8	https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c	Mailing List Third Party Advisory
9	https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d	Mailing List Third Party Advisory
10	https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d	Mailing List Third Party Advisory
11	https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455	Mailing List Third Party Advisory
12	https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455	Mailing List Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

X.Org の X サーバにおけるクラッシュを引き起こされる脆弱性

Title	X.Org の X サーバにおけるクラッシュを引き起こされる脆弱性
Summary	X.Org の X サーバには、クラッシュを引き起こされる、または X サーバのコンテキスト内でコードを実行される脆弱性が存在します。
Possible impacts	X セッション用に認証されたユーザにより、エンディアン変換でのスタックオーバーフローを利用されることで、クラッシュを引き起こされる、または X サーバのコンテキスト内でコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 19, 2017, midnight
Registration Date	Aug. 14, 2017, 6:04 p.m.
Last Update	Aug. 14, 2017, 6:04 p.m.

Affected System

X.Org Foundation

X.Org Server 2017-06-19 より前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-10971	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10971
National Vulnerability Database (NVD)
2	CVE-2017-10971	https://nvd.nist.gov/vuln/detail/CVE-2017-10971

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
freedesktop.org
1	dix: Disallow GenericEvent in SendEvent request.	https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
2	Xi: Do not try to swap GenericEvent.	https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
3	Xi: Verify all events in ProcXSendExtensionEvent.	https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d

Change Log

No	Changed Details	Date of change
0	[2017年08月14日] 掲載	Feb. 17, 2018, 10:37 a.m.