VDB
DEBIAN-CVE-2024-31080
DEBIAN-CVE-2024-31080
PUBLISHED
CVSS 7.300000190734863 HIGH
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
Risk Scores
CVSS 3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | xwayland | 0, 0 |
| Debian:13 | xorg-server | 0, 0 |
| Debian:14 | xwayland | 0, 0 |
| Debian:12 | xwayland | 23.2.0-1, 23.2.1-1, 23.2.2-1 |
| Debian:11 | xorg-server | 1.20.11-1, 0, 2:1.20.11-1+deb11u11 |
| Debian:14 | xorg-server | 0, 0 |
| Debian:12 | xorg-server | 0, 2:21.1.7-3, 2:21.1.7-3+deb12u1 |
Exploit Intelligence
- errata73.html (github-poc)
- patching.bash (github-poc)
Timeline
- Apr 4, 2024 CVE Published
- Apr 28, 2026 CVE Updated