CVE-2024-21885

Name
CVE-2024-21885
Description
A flaw was found in the X.Org server. XISendDeviceHierarchyEvent allocates room for MAXDEVICES xXIHierarchyInfo entries and then writes one entry per device currently in the device list plus one entry per device ID flagged as removed. If a device ID is removed and a new device is assigned the same ID before the hierarchy event is sent, that single ID produces two entries, so the writes can run past the allocation. The resulting heap buffer overflow can crash the server and, because any client that can reach the display (including a forwarded SSH X11 session) can trigger the device hierarchy change, may lead to code execution in the X server process.
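The following is an added illustration of the overflow pattern the description refers to; it is constructed for this page and is not X.Org code. MAXDEV, dev_info, hierarchy_state and the builder functions are simplified stand-ins for MAXDEVICES, xXIHierarchyInfo, the server's device list and XISendDeviceHierarchyEvent, and the scenario (a full device table in which ID 2 is removed and immediately reused) is constructed. The hardened builder shown is a generic mitigation (one entry per ID, write index checked against the allocation), not necessarily the upstream patch.

```c
/* Constructed model of the CVE-2024-21885 overflow pattern; not X.Org code. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAXDEV 4            /* stand-in for MAXDEVICES (256 in the real server) */
#define FLAG_ADDED   0x1u   /* a device with this id was added since the last event */
#define FLAG_REMOVED 0x2u   /* a device with this id was removed since the last event */

/* stand-in for xXIHierarchyInfo */
struct dev_info {
    uint32_t deviceid;
    uint32_t flags;
};

/* Hypothetical server state: which ids currently exist, plus the change
 * bits accumulated per id since the last hierarchy event was sent. */
struct hierarchy_state {
    int      present[MAXDEV];
    uint32_t change[MAXDEV];
};

/* Vulnerable builder: one entry per present device, then one entry per id
 * flagged removed. An id removed and re-added in the same batch satisfies
 * both conditions and is written twice, so the count can exceed the MAXDEV
 * entries the caller allocated. Returns the number of entries written. */
static size_t build_hierarchy_vulnerable(const struct hierarchy_state *st,
                                         struct dev_info *out)
{
    size_t n = 0;
    for (uint32_t id = 0; id < MAXDEV; id++) {
        if (!st->present[id])
            continue;
        out[n].deviceid = id;
        out[n].flags = st->change[id] & FLAG_ADDED;
        n++;
    }
    for (uint32_t id = 0; id < MAXDEV; id++) {
        if (!(st->change[id] & FLAG_REMOVED))
            continue;
        out[n].deviceid = id;           /* no bounds check, no duplicate check */
        out[n].flags = FLAG_REMOVED;
        n++;
    }
    return n;
}

/* Hardened builder: one entry per id with its change bits merged, and the
 * write index is checked against the capacity the caller really allocated. */
static size_t build_hierarchy_hardened(const struct hierarchy_state *st,
                                       struct dev_info *out, size_t cap)
{
    size_t n = 0;
    for (uint32_t id = 0; id < MAXDEV; id++) {
        uint32_t flags = st->change[id];
        if (!st->present[id] && !(flags & FLAG_REMOVED))
            continue;                   /* nothing to report for this id */
        if (n >= cap)
            break;                      /* never write past the allocation */
        out[n].deviceid = id;
        out[n].flags = flags;
        n++;
    }
    return n;
}

/* Constructed scenario: every id in use, and id 2 was removed and then
 * handed to a new device before the hierarchy event went out. */
static void full_table_with_reused_id(struct hierarchy_state *st)
{
    memset(st, 0, sizeof *st);
    for (int id = 0; id < MAXDEV; id++)
        st->present[id] = 1;
    st->change[2] = FLAG_REMOVED | FLAG_ADDED;
}

/* Give the vulnerable builder a buffer it believes holds MAXDEV entries but
 * that really holds 2*MAXDEV (the most it can ever write) filled with a canary,
 * so the overrun is measurable without undefined behaviour. Returns the number
 * of entries beyond MAXDEV that were overwritten. */
static size_t demo_overrun(void)
{
    struct hierarchy_state st;
    size_t total = 2 * MAXDEV, clobbered = 0;
    struct dev_info *buf = malloc(total * sizeof *buf);
    if (!buf)
        return 0;
    full_table_with_reused_id(&st);
    memset(buf, 0xff, total * sizeof *buf);   /* canary: all bits set */
    build_hierarchy_vulnerable(&st, buf);
    for (size_t i = MAXDEV; i < total; i++)
        if (buf[i].deviceid != 0xffffffffu || buf[i].flags != 0xffffffffu)
            clobbered++;
    free(buf);
    return clobbered;
}

/* Entry counts each builder produces for the same scenario. */
static size_t demo_vulnerable_count(void)
{
    struct hierarchy_state st;
    struct dev_info out[2 * MAXDEV];
    full_table_with_reused_id(&st);
    return build_hierarchy_vulnerable(&st, out);
}

static size_t demo_hardened_count(void)
{
    struct hierarchy_state st;
    struct dev_info out[MAXDEV];
    full_table_with_reused_id(&st);
    return build_hierarchy_hardened(&st, out, MAXDEV);
}
```

With MAXDEV of 4 the vulnerable builder emits five entries into a four-entry allocation, exactly the one-entry overrun per reused ID that the description talks about; at the real MAXDEVICES of 256 the same scenario needs a full device table, which a client can arrange through ordinary device creation before the removal-and-readdition step.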
NVD Severity
unknown

References

Type URI
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0320
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0557
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0558
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0597
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0607
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0614
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0617
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0621
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0626
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0629
vdb-entry https://access.redhat.com/security/cve/CVE-2024-21885
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2256540
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2169
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2170
third-party-advisory https://security.netapp.com/advisory/ntap-20240503-0004/
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2995
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2996

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.13.1-2.el8_9.7 < *
cpe:/a:redhat:enterprise_linux:8::crb shopxo >= 0:1.20.11-22.el8 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:21.1.3-15.el8 < *
cpe:/a:redhat:rhel_tus:8.2::appstream shopxo >= 0:1.9.0-15.el8_2.9 < *
cpe:/a:redhat:rhel_eus:8.6::appstream shopxo >= 0:1.12.0-6.el8_6.9 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 0:1.12.0-15.el8_8.7 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.13.1-3.el9_3.6 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:1.20.11-24.el9 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:22.1.9-5.el9 < *
cpe:/a:redhat:rhel_eus:9.0::appstream shopxo >= 0:1.11.0-22.el9_0.8 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:1.12.0-14.el9_2.5 < *
cpe:/o:redhat:enterprise_linux:7::workstation shopxo >= 0:1.20.4-27.el7_9 < *
cpe:/o:redhat:enterprise_linux:7::workstation shopxo >= 0:1.8.0-31.el7_9 < *
cpe:/a:redhat:rhel_e4s:8.4::appstream shopxo >= 0:1.11.0-8.el8_4.8 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status