X.org Server xquartz X11Controller.m denial of service

A vulnerability classified as problematic was found in X.org Server. It affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. The CWE definition for the vulnerability is CWE-404. The weakness was presented on 10/17/2022. The advisory is shared at cgit.freedesktop.org. This vulnerability is uniquely identified as CVE-2022-3553. The attack must be carried out from within the local network. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. The exploitability is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The bugfix is ready for download at cgit.freedesktop.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 10/17/2022 14:43 | 11/09/2022 18:29 |
| --- | --- | --- |
| vendor | X.org | X.org |
| name | Server | Server |
| component | xquartz | xquartz |
| file | hw/xquartz/X11Controller.m | hw/xquartz/X11Controller.m |
| cwe | 404 (denial of service) | 404 (denial of service) |
| risk | 1 | 1 |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 | https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 |
| name | Patch | Patch |
| patch_url | https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 | https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3 |
| cve | CVE-2022-3553 | CVE-2022-3553 |
| responsible | VulDB | VulDB |
| date | 1665957600 (10/17/2022) | 1665957600 (10/17/2022) |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 2.3 | 2.3 |
| cvss2_vuldb_tempscore | 2.0 | 2.0 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.4 | 3.4 |
| price_0day | $0-$5k | $0-$5k |
| cve_assigned | | 1665957600 (10/17/2022) |
| cve_nvd_summary | | A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. |
