CVE-2024-31080

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published: Apr 4, 2024
Updated: May 24, 2024
CWE ID 126

Summary

CVE-2024-31080 is a heap-based buffer over-read vulnerability in the X.org server's ProcXIGetSelectedEvents() function. It arises because length values that have already been byte-swapped for the reply are then used to size the data copied into it, which can leak heap memory contents and cause segmentation faults when the server is serving a client of a different endianness. An attacker could trigger these conditions, leading the X server to read heap memory and transmit it to the client. Although the attacker cannot control which memory values are copied, the length values are normally small, so once byte-swapped within a 32-bit integer they become large, producing sizeable attempted out-of-bounds reads and increasing the risk of a crash.
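As an added illustration of the bug class described above (example code, not the X.org server's own), the following C program contrasts the two orderings: byte-swapping a length field and then using the swapped value to size the copy, versus sizing the copy from the host-order value and swapping only the field that is written to the wire. The reply layout, field names and sizes are constructed for the example and do not correspond to the XI protocol structures.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed reply layout for this example (not the xorg-server
   definition): a 16-bit length counting 4-byte units, then the payload. */
typedef struct {
    uint16_t length;    /* host byte order while the server works on it */
    uint8_t  payload[]; /* length * 4 bytes follow the header */
} reply_t;

static uint16_t bswap16(uint16_t v)
{
    return (uint16_t)((v << 8) | (v >> 8));
}

/* Vulnerable ordering: the field is swapped to the client's byte order
   first, and the swapped value then sizes the copy.  A small count such
   as 2 becomes 0x0200 = 512 units, i.e. 2048 bytes, far past the buffer. */
size_t bytes_to_copy_swap_first(uint16_t host_length)
{
    uint16_t wire_length = bswap16(host_length);
    return (size_t)wire_length * 4;
}

/* Correct ordering: size the copy from the host-order value. */
size_t bytes_to_copy_host_first(uint16_t host_length)
{
    return (size_t)host_length * 4;
}

/* Serialize a reply for a client of the opposite endianness.  The copy
   size comes from the host-order length and is checked against the size
   actually allocated for the reply (in_alloc) and the output buffer.
   Returns the number of bytes written, or -1 if a bound would be exceeded. */
long serialize_reply(const reply_t *in, size_t in_alloc,
                     uint8_t *out, size_t out_size)
{
    size_t header = sizeof(reply_t);
    if (in_alloc < header)
        return -1;
    size_t payload_bytes = bytes_to_copy_host_first(in->length);
    if (payload_bytes > in_alloc - header)
        return -1;              /* declared length exceeds the allocation */
    if (header + payload_bytes > out_size)
        return -1;              /* would overflow the output buffer */

    uint16_t wire_length = bswap16(in->length); /* swap only the copy sent */
    memcpy(out, &wire_length, sizeof wire_length);
    memcpy(out + header, in->payload, payload_bytes);
    return (long)(header + payload_bytes);
}

int main(void)
{
    size_t alloc = sizeof(reply_t) + 8;     /* heap reply: header + 8 bytes */
    reply_t *r = malloc(alloc);
    if (!r)
        return 1;
    r->length = 2;                          /* 2 units = 8 payload bytes */
    memcpy(r->payload, "ABCDEFGH", 8);

    printf("swap-first would copy %zu bytes, host-first copies %zu\n",
           bytes_to_copy_swap_first(r->length),
           bytes_to_copy_host_first(r->length));

    uint8_t out[16];
    long n = serialize_reply(r, alloc, out, sizeof out);
    printf("serialized %ld bytes\n", n);
    free(r);
    return n < 0;
}
```

The bounds check in serialize_reply is the defensive point: even if a length field is mishandled upstream, comparing the computed copy size against the real allocation turns an out-of-bounds read into a rejected reply.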
