CVE-2020-14363 Information

Description

An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash or in some cases result in arbitrary code execution. The highest threat from this flaw is to confidentiality integrity as well as system availability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14363 https://github.com/Ruia-ruia/Exploits/blob/master/DFX11details.txt https://github.com/Ruia-ruia/Exploits/blob/master/x11doublefree.sh https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/ https://lists.x.org/archives/xorg-announce/2020-August/003056.html https://usn.ubuntu.com/4487-2/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8