Fluid Attacks Database

Description

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	xwayland	>=0 <2:22.1.5-1	2:22.1.5-1
debian 14	xorg-server	>=0 <2:21.1.4-3	2:21.1.4-3
debian 13	xorg-server	>=0 <2:21.1.4-3	2:21.1.4-3
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u2 \|\| >=0 <2:1.20.11-1+deb11u3	2:1.20.11-1+deb11u3
debian 12	xorg-server	>=0 <2:21.1.4-3	2:21.1.4-3
debian 12	xwayland	>=0 <2:22.1.5-1	2:22.1.5-1
debian 13	xwayland	>=0 <2:22.1.5-1	2:22.1.5-1
rpm rhel9	xorg-x11-server-Xwayland	<0:21.1.3-7.el9	0:21.1.3-7.el9
rpm rhel7	xorg-x11-server	<0:1.20.4-19.el7_9	0:1.20.4-19.el7_9
rpm rhel9	xorg-x11-server	<0:1.20.11-17.el9	0:1.20.11-17.el9

1-10 of 13

Aliases

1. CVE-2022-35502. NVD-2022-35503. OSV-DEBIAN-2022-35504. OSV-2022-35505. SECURITY-TRACKER-CVE-2022-3550

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.