CVE-2024-21885

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-21885

CGA ID

CGA-rxp5-26h3-72r4

Severity

Unknown

Description

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

References

https://images.chainguard.dev/security/CGA-rxp5-26h3-72r4
https://github.com/advisories/GHSA-2x93-8973-5mgq
https://access.redhat.com/errata/RHSA-2024:0320
https://access.redhat.com/errata/RHSA-2024:0557
https://access.redhat.com/errata/RHSA-2024:0558
https://access.redhat.com/errata/RHSA-2024:0597
https://access.redhat.com/errata/RHSA-2024:0607
https://access.redhat.com/errata/RHSA-2024:0614
https://access.redhat.com/errata/RHSA-2024:0617
https://access.redhat.com/errata/RHSA-2024:0621
https://access.redhat.com/errata/RHSA-2024:0626
https://access.redhat.com/errata/RHSA-2024:0629
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://security.netapp.com/advisory/ntap-20240503-0004/
https://bugzilla.redhat.com/show_bug.cgi?id=2256540
https://access.redhat.com/security/cve/CVE-2024-21885
https://security-tracker.debian.org/tracker/CVE-2024-21885

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2024-21885

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources