Home

CVE-2021-31535

Description

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.06

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-32bit-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-debuginfo-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-debuginfo-32bit-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-data-1.6.2-12.18.1.noarch.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-debugsource-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-32bit-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-debuginfo-1.6.2-12.18.1.x86_64.rpmLinux
SUSE-SU-2021:1766-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-debuginfo-32bit-1.6.2-12.18.1.x86_64.rpmLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.4-3ubuntu0.4_i386.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.4-3ubuntu0.4_amd64.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.9-2ubuntu1.2_i386.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.9-2ubuntu1.2_amd64.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.7.0-2ubuntu0.1_i386.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.7.0-2ubuntu0.1_amd64.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.12-1ubuntu0.1_i386.debLinux
X11 client-side library (USN-4966-1) libx11-6_1.6.12-1ubuntu0.1_amd64.debLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-32bit-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-debuginfo-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-6-debuginfo-32bit-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-data-1.6.2-12.21.1.noarch.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-debugsource-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-32bit-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-debuginfo-1.6.2-12.21.1.x86_64.rpmLinux
SUSE-SU-2021:1892-1(SUSE Linux Enterprise Server 12-SP5 ) libX11-xcb1-debuginfo-32bit-1.6.2-12.21.1.x86_64.rpmLinux
(RHSA-2021:3296) libX11 security update libX11-1.6.7-4.el7_9.i686.rpmLinux
(RHSA-2021:3296) libX11 security update libX11-1.6.7-4.el7_9.x86_64.rpmLinux
(RHSA-2021:3296) libX11 security update libX11-common-1.6.7-4.el7_9.noarch.rpmLinux
(RHSA-2021:3296) libX11 security update libX11-devel-1.6.7-4.el7_9.i686.rpmLinux
(RHSA-2021:3296) libX11 security update libX11-devel-1.6.7-4.el7_9.x86_64.rpmLinux
LibX11 update (ELSA-2021-3296) libX11-1.6.7-4.el7_9.i686.rpmLinux
LibX11 update (ELSA-2021-3296) libX11-1.6.7-4.el7_9.x86_64.rpmLinux
LibX11-common update (ELSA-2021-3296) libX11-common-1.6.7-4.el7_9.noarch.rpmLinux
LibX11-devel update (ELSA-2021-3296) libX11-devel-1.6.7-4.el7_9.i686.rpmLinux
LibX11-devel update (ELSA-2021-3296) libX11-devel-1.6.7-4.el7_9.x86_64.rpmLinux
(RHSA-2021:3296)Important: security update libX11-debuginfo-1.6.7-4.el7_9.i686.rpmLinux
(RHSA-2021:3296)Important: security update libX11-debuginfo-1.6.7-4.el7_9.x86_64.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-1.6.8-5.el8.i686.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-1.6.8-5.el8.x86_64.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-xcb-1.6.8-5.el8.i686.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-xcb-1.6.8-5.el8.x86_64.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-devel-1.6.8-5.el8.i686.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-devel-1.6.8-5.el8.x86_64.rpmLinux
libX11 security update (RLSA-2021:4326) libX11-common-1.6.8-5.el8.noarch.rpmLinux
Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2021-31535)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234