Vulnerabilities related to x - libxcb
Vulnerability from fkie_nvd
Published
2013-06-15 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
References
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html | Third Party Advisory
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html | Third Party Advisory
secalert@redhat.com | http://www.debian.org/security/2013/dsa-2686 | Third Party Advisory
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/05/23/3 | Third Party Advisory
secalert@redhat.com | http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | Vendor Advisory
secalert@redhat.com | http://www.securityfocus.com/bid/60148
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1855-1 | Third Party Advisory
secalert@redhat.com | http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2686 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/05/23/3 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/60148
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1855-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 | Vendor Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:secure_global_desktop:4.71:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E7F2CF7-CCB3-4EB7-AE44-637C12D97428",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:secure_global_desktop:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F94A303-B4A1-4E65-B6C4-9A7E04DAED0C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5991814D-CA77-4C25-90D2-DB542B17E0AD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:x:libxcb:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C811EE78-FA2E-424E-9CF7-771E704591E3",
                     versionEndIncluding: "1.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.1.90.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4062F366-7250-492C-A195-8CC9514E796A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.1.91:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F522BB3-4DA8-443F-AA61-789E71F991AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.1.92:*:*:*:*:*:*:*",
                     matchCriteriaId: "72EA4E62-1739-4119-AC6D-93572D9CCDF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.1.93:*:*:*:*:*:*:*",
                     matchCriteriaId: "E870A1DF-9FFD-441C-A2BE-0222D4BB2547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B6BABE2-A245-4562-B40E-A718B6F376E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D796C97-381D-4D92-BACE-42977523F93A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "65FA9A18-C0D5-47AC-AD15-8747930A97DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "741C52CA-469F-4E0B-B42D-38BC123B05BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F505D7C-9644-4B0C-B750-ACA2B5AB6422",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1F0750D-C826-457A-954E-5ACC5181009B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6F0C368-F4EC-46CB-8EF2-9B31BE0E4B33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:x:libxcb:1.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A399828-BB23-4DD7-A4EB-A952DA9B0CF2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.",
      },
      {
         lang: "es",
         value: "Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignación de memoria insuficiente y provocar un desbordamiento de búfer a través de vectores relacionados con la función read_packet.",
      },
   ],
   id: "CVE-2013-2064",
   lastModified: "2024-11-21T01:50:57.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-06-15T19:55:01.233",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2013/dsa-2686",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/05/23/3",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/60148",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1855-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.debian.org/security/2013/dsa-2686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2013/05/23/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/60148",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-1855-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2013-2064
Vulnerability from cvelistv5
Published
2013-06-15 19:00
Modified
2024-08-06 15:20
Severity ?
Summary
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:20:37.510Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-2686",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2013/dsa-2686",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
               },
               {
                  name: "FEDORA-2013-9070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html",
               },
               {
                  name: "openSUSE-SU-2013:1007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html",
               },
               {
                  name: "USN-1855-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1855-1",
               },
               {
                  name: "60148",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/60148",
               },
               {
                  name: "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/05/23/3",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-05-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-25T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "DSA-2686",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2013/dsa-2686",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            },
            {
               name: "FEDORA-2013-9070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html",
            },
            {
               name: "openSUSE-SU-2013:1007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html",
            },
            {
               name: "USN-1855-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1855-1",
            },
            {
               name: "60148",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/60148",
            },
            {
               name: "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/05/23/3",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-2064",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-2686",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2013/dsa-2686",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
                  },
                  {
                     name: "FEDORA-2013-9070",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html",
                  },
                  {
                     name: "openSUSE-SU-2013:1007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html",
                  },
                  {
                     name: "USN-1855-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-1855-1",
                  },
                  {
                     name: "60148",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/60148",
                  },
                  {
                     name: "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues  in X Window System client libraries",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2013/05/23/3",
                  },
                  {
                     name: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
                     refsource: "CONFIRM",
                     url: "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-2064",
      datePublished: "2013-06-15T19:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:20:37.510Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}