CVE-2022-46344

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Overview
  • CVE ID
  • CVE-2022-46344
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T21:15:13
  • Last Modified Date
  • 2023-02-23T22:58:19
Weakness Enumerations
CWE URL
CWE-125 http://cwe.mitre.org/data/definitions/125.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2023:0045
https://access.redhat.com/errata/RHSA-2023:0046
https://access.redhat.com/security/cve/CVE-2022-46344 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2151760 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
https://www.debian.org/security/2022/dsa-5304
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-46344
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46344
History
Created Old Value New Value Data Type Notes
2022-12-14 22:14:54 Added to TrackCVE
2022-12-18 09:30:11 2022-12-14T21:15:13.600 2022-12-14T21:15:13 CVE Published Date updated
2022-12-18 09:30:11 2022-12-16T05:15:18 CVE Modified Date updated
2022-12-18 09:30:11 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-18 09:30:19 References updated
2022-12-19 03:15:35 2022-12-19T03:15:11 CVE Modified Date updated
2022-12-19 03:15:38 References updated
2022-12-19 21:14:58 2022-12-19T20:32:49 CVE Modified Date updated
2022-12-19 21:14:58 CWE-125 Weakness Enumeration new
2022-12-19 21:15:02 CPE Information updated
2022-12-21 07:02:28 2022-12-21T04:15:11 CVE Modified Date updated
2022-12-21 07:02:28 Undergoing Analysis Modified Vulnerability Status updated
2022-12-21 07:02:29 References updated
2022-12-22 20:15:31 Modified Undergoing Analysis Vulnerability Status updated
2022-12-26 04:16:12 2022-12-26T04:15:11 CVE Modified Date updated
2022-12-26 04:16:14 References updated
2022-12-27 01:15:32 2022-12-27T01:15:10 CVE Modified Date updated
2023-02-02 22:14:55 2023-02-02T21:22:43 CVE Modified Date updated
2023-02-02 22:14:55 A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. Description updated
2023-02-02 22:14:56 References updated
2023-02-12 22:19:18 2023-02-12T22:15:30 CVE Modified Date updated
2023-02-12 22:19:19 A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Description updated
2023-02-23 23:15:57 2023-02-23T22:58:19 CVE Modified Date updated
2023-02-23 23:15:57 Undergoing Analysis Analyzed Vulnerability Status updated