NVD Vulnerability Detail

CVE-2020-14363

Summary	An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
Publication Date	Sept. 12, 2020, 3:15 a.m.
Registration Date	Jan. 26, 2021, 11:52 a.m.
Last Update	Nov. 21, 2024, 2:03 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:x.org:libx11::::::::					1.6.12

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:33:::::::*

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363	Issue Tracking Third Party Advisory
2	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363	Issue Tracking Third Party Advisory
3	https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt	Third Party Advisory
4	https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt	Third Party Advisory
5	https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh	Exploit Third Party Advisory
6	https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh	Exploit Third Party Advisory
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/
9	https://lists.x.org/archives/xorg-announce/2020-August/003056.html	Vendor Advisory
10	https://lists.x.org/archives/xorg-announce/2020-August/003056.html	Vendor Advisory
11	https://usn.ubuntu.com/4487-2/	Third Party Advisory
12	https://usn.ubuntu.com/4487-2/	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html

JVN Vulnerability Information

libX11 における整数オーバーフローの脆弱性

Title	libX11 における整数オーバーフローの脆弱性
Summary	libX11 には、整数オーバーフローの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 25, 2020, midnight
Registration Date	March 11, 2021, 5:45 p.m.
Last Update	March 11, 2021, 5:45 p.m.

Affected System

X.Org Foundation

libX11

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-14363	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14363
National Vulnerability Database (NVD)
2	CVE-2020-14363	https://nvd.nist.gov/vuln/detail/CVE-2020-14363

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html

ベンダー情報

No	Name	URL
X.Org Security Advisory
1	X.Org libX11 security advisory: August 25, 2020	https://lists.x.org/archives/xorg-announce/2020-August/003056.html

Change Log

No	Changed Details	Date of change
1	[2021年03月11日] 掲載	March 11, 2021, 5:45 p.m.