CVE-2024-21886

Name
CVE-2024-21886
Description
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0320
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0557
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0558
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0597
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0607
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0614
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0617
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0621
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0626
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0629
vdb-entry https://access.redhat.com/security/cve/CVE-2024-21886
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2256542
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2169
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2170
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2995
vendor-advisory https://access.redhat.com/errata/RHSA-2024:2996
vendor-advisory https://access.redhat.com/errata/RHSA-2025:12751
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZ2IJJDHJETNE76VUX4G7UI5EG5HYFEH/

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.13.1-2.el8_9.7 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:21.1.3-15.el8 < *
cpe:/a:redhat:rhel_eus:8.6::appstream shopxo >= 0:1.12.0-6.el8_6.9 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 0:1.12.0-15.el8_8.7 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.13.1-3.el9_3.6 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:22.1.9-5.el9 < *
cpe:/a:redhat:rhel_eus:9.0::appstream shopxo >= 0:1.11.0-22.el9_0.8 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:1.12.0-14.el9_2.5 < *
shopxo == 1.21.1.7 == 1.21.1.7
cpe:/o:redhat:rhel_els:6 shopxo >= 0:1.1.0-25.el6_10.13 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 0:1.20.11-24.el9 < *
cpe:/o:redhat:enterprise_linux:7::workstation shopxo >= 0:1.20.4-27.el7_9 < *
cpe:/o:redhat:enterprise_linux:7::workstation shopxo >= 0:1.8.0-31.el7_9 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 0:1.20.11-22.el8 < *
cpe:/a:redhat:rhel_e4s:8.2::appstream shopxo >= 0:1.9.0-15.el8_2.9 < *
cpe:/a:redhat:rhel_aus:8.4::appstream shopxo >= 0:1.11.0-8.el8_4.8 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status