Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-31082

7.3 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): HIGH

created 6 months ago

Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap

A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

References

https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
http://www.openwall.com/lists/oss-security/2024/04/03/13
http://www.openwall.com/lists/oss-security/2024/04/12/10
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://lists.x.org/archives/xorg-announce/2024-April/003497.html
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry
RHBZ#2271999 issue-tracking x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2024/04/03/13 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/12/10 x_transferred
https://access.redhat.com/security/cve/CVE-2024-31082 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2271999 issue-tracking x_refsource_REDHAT x_transferred
https://lists.x.org/archives/xorg-announce/2024-April/003497.html x_transferred

Affected products

tigervnc

xorg-server

<21.1.12
==21.1.12

xorg-x11-server

xorg-x11-server-Xwayland

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

nixos-unstable -
- nixpkgs-unstable 1.15.0

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.tigervnc