Untriaged
Permalink
CVE-2025-49178
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
References
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5c…
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- RHSA-2025:10344 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10346 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10347 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10348 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10349 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10350 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10351 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10352 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10355 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10356 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10360 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10370 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10374 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10375 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10376 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10377 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10378 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10381 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10410 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9303 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9304 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9305 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9306 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9392 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9964 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-49178 x_refsource_REDHAT vdb-entry
- RHBZ#2369977 issue-tracking x_refsource_REDHAT
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/d55c54cecb5e83eaa2d56bed5c…
- https://www.x.org/wiki/Development/Security/
- RHSA-2025:10258 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10342 x_refsource_REDHAT vendor-advisory
- RHSA-2025:10343 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
Affected products
tigervnc
- *
xwayland
- <24.1.7
xorg-x11-server
- *
xorg-x11-server-Xwayland
- *