Fluid Attacks Database

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 14	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| >=0 <2:1.20.11-1+deb11u4	2:1.20.11-1+deb11u4
debian 12	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 12	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
debian 13	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
debian 14	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
rpm rhel9	xorg-x11-server-Xwayland	<0:21.1.3-7.el9	0:21.1.3-7.el9
rpm rhel7	tigervnc	<0:1.8.0-23.el7_9	0:1.8.0-23.el7_9
rpm rhel8	xorg-x11-server-Xwayland	<0:21.1.3-10.el8	0:21.1.3-10.el8

1-10 of 16

Aliases

1. CVE-2022-463412. NVD-2022-463413. OSV-DEBIAN-2022-463414. OSV-2022-463415. SECURITY-TRACKER-CVE-2022-46341

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.