DEBIAN-CVE-2024-21886
PUBLISHED
CVSS 7.8 HIGH
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
Risk Scores
CVSS v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | xorg-server | *, 2:1.20.11-1+deb11u7, 2:1.20.11-1+deb11u8 |
| Debian:13 | xorg-server | 0, 0, 0 |
| Debian:14 | xorg-server | 0, 0, 0 |
| Debian:12 | xorg-server | *, 0, 2:21.1.7-3 |
| Debian:13 | xwayland | 0, 0, 0 |
| Debian:14 | xwayland | 0, 0, 0 |
| Debian:12 | xwayland | 23.1.0-1, 23.1.1-1, 23.2.0-1 |
Timeline
- Feb 28, 2024 CVE Published
- Apr 28, 2026 CVE Updated