Fluid Attacks Database

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| >=0 <2:1.20.11-1+deb11u4	2:1.20.11-1+deb11u4
debian 12	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 13	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 14	xorg-server	>=0 <2:21.1.5-1	2:21.1.5-1
debian 13	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
debian 14	xwayland	>=0 <2:22.1.6-1	2:22.1.6-1
rpm rhel7	tigervnc	<0:1.8.0-23.el7_9	0:1.8.0-23.el7_9
rpm rhel8	tigervnc	<0:1.12.0-15.el8_8	0:1.12.0-15.el8_8
rpm rhel9	tigervnc	<0:1.12.0-13.el9_2	0:1.12.0-13.el9_2

1-10 of 16

Aliases

1. CVE-2022-463442. NVD-2022-463443. OSV-DEBIAN-2022-463444. OSV-2022-463445. SECURITY-TRACKER-CVE-2022-46344

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.