CVE-2008-1377
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.373
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2008:0504) Important: xorg-x11-server security update xorg-x11-server-randr-source-1.1.1-48.41.el5_2.1.i386.rpm | Linux |
| (RHSA-2008:0504) Important: xorg-x11-server security update xorg-x11-server-randr-source-1.1.1-48.41.el5_2.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234