CVE-2024-21885

CVSS V2: None; CVSS V3: None
Description
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
Overview
  • CVE ID: CVE-2024-21885
  • Assigner: redhat
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-02-28T12:11:59.650Z
  • Last Modified Date: 2024-06-18T18:32:15.149Z
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2024:0320 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0557 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0558 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0597 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0607 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0614 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0617 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0621 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0626 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0629 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2169 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2170 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2995 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2996 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-21885 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2256540 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240503-0004/
History
Created Old Value New Value Data Type Notes
2024-06-26 15:20:17 Added to TrackCVE