X.org Server xkb/xkb.c _GetCountedString buffer overflow

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. The CWE definition for the vulnerability is CWE-120. The weakness was released 10/17/2022. It is possible to read the advisory at cgit.freedesktop.org. This vulnerability is known as CVE-2022-3550. The attack can only be done within the local network. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The bugfix is ready for download at cgit.freedesktop.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field10/17/2022 14:2411/09/2022 18:0011/09/2022 18:08
vendorX.orgX.orgX.org
nameServerServerServer
filexkb/xkb.cxkb/xkb.cxkb/xkb.c
function_GetCountedString_GetCountedString_GetCountedString
cwe120 (buffer overflow)120 (buffer overflow)120 (buffer overflow)
risk222
cvss3_vuldb_acLLL
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
urlhttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72ehttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72ehttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e
namePatchPatchPatch
patch_urlhttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72ehttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72ehttps://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e
cveCVE-2022-3550CVE-2022-3550CVE-2022-3550
responsibleVulDBVulDBVulDB
date1665957600 (10/17/2022)1665957600 (10/17/2022)1665957600 (10/17/2022)
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.25.25.2
cvss2_vuldb_tempscore4.54.54.5
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.35.35.3
cvss3_meta_basescore5.55.56.9
cvss3_meta_tempscore5.35.36.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1665957600 (10/17/2022)1665957600 (10/17/2022)
cve_nvd_summaryA vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_cna_avA
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss3_nvd_basescore9.8
cvss3_cna_basescore5.5

PreviousOverviewNext