CVE-2022-3551

Published: Oct 17, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

Affected (6)

Products: X.org: X Server · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
X.org X Server	Before 21.1.6

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (18)

https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2

Source: cna@vuldb.com

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html

Source: cna@vuldb.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTPFVGYTOY4EWTJEBH3YGDTTU57FZAK/

Source: cna@vuldb.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOEDFBYPSE3EMVHTEFCVEJD2R2Y5F2A5/

Source: cna@vuldb.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXZZ6JBDBVBYPDI6DUTY6N36GNW37YHK/

Source: cna@vuldb.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7W3NXSYK4P3XCZQBI3U6UWP4DPZIMRZ/

Source: cna@vuldb.com

https://security.gentoo.org/glsa/202305-30

Source: cna@vuldb.com

https://vuldb.com/?id.211052

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2022/dsa-5278

Source: cna@vuldb.com

Third Party Advisory

https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTPFVGYTOY4EWTJEBH3YGDTTU57FZAK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOEDFBYPSE3EMVHTEFCVEJD2R2Y5F2A5/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXZZ6JBDBVBYPDI6DUTY6N36GNW37YHK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7W3NXSYK4P3XCZQBI3U6UWP4DPZIMRZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202305-30

Source: af854a3a-2127-422b-91ae-364da2661108

https://vuldb.com/?id.211052

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.debian.org/security/2022/dsa-5278

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.