A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tigervnc | Tigervnc | - (including) | - (including) |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | tigervnc-0:1.8.0-36.el7_9 | * |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | xorg-x11-server-0:1.20.4-30.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | tigervnc-0:1.13.1-15.el8_10 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | tigervnc-0:1.9.0-15.el8_2.13 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | tigervnc-0:1.11.0-8.el8_4.12 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | tigervnc-0:1.11.0-8.el8_4.12 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | tigervnc-0:1.11.0-8.el8_4.12 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | tigervnc-0:1.12.0-6.el8_6.13 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | tigervnc-0:1.12.0-6.el8_6.13 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | tigervnc-0:1.12.0-6.el8_6.13 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | tigervnc-0:1.12.0-15.el8_8.12 | * |
Red Hat Enterprise Linux 9 | RedHat | tigervnc-0:1.14.1-1.el9_5.1 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | tigervnc-0:1.11.0-22.el9_0.13 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | tigervnc-0:1.12.0-14.el9_2.10 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | tigervnc-0:1.13.1-8.el9_4.5 | * |
Xorg-server | Ubuntu | devel | * |
Xorg-server | Ubuntu | esm-infra/bionic | * |
Xorg-server | Ubuntu | esm-infra/xenial | * |
Xorg-server | Ubuntu | focal | * |
Xorg-server | Ubuntu | jammy | * |
Xorg-server | Ubuntu | noble | * |
Xorg-server | Ubuntu | oracular | * |
Xorg-server | Ubuntu | upstream | * |
Xorg-server-hwe-16.04 | Ubuntu | esm-infra/xenial | * |
Xorg-server-hwe-18.04 | Ubuntu | esm-infra/bionic | * |
Xwayland | Ubuntu | devel | * |
Xwayland | Ubuntu | jammy | * |
Xwayland | Ubuntu | noble | * |
Xwayland | Ubuntu | oracular | * |
Xwayland | Ubuntu | upstream | * |