{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2015:0337", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0255", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:0337", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-06"}, {"name": "http://advisories.mageia.org/MGASA-2015-0073.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"name": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/", "refsource": "CONFIRM", "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.448Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0337", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0255", "datePublished": "2015-02-13T15:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "801556AD-CFCA-4D77-B96F-A50F0CE164A7", "versionEndIncluding": "1.16.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EB1AE9F-C293-401A-9B94-1CFCD8643963", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}, {"lang": "es", "value": "X.Org Server (tambi\u00e9n conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria de procesos o causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry."}], "id": "CVE-2015-0255", "lastModified": "2018-10-30T16:27:35.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-13T15:59:09.367", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3160"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/72578"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201504-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Olivier Fourdan (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0797", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-server-0:1.15.0-26.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-10T00:00:00Z"}, {"advisory": "RHSA-2015:0797", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.15.0-33.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-04-10T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: information leak in the XkbSetGeometry request of X servers", "id": "1189062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189062"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.", "A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request."], "name": "CVE-2015-0255", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0255\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0255\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate", "upstream_fix": "xorg-x11-server 1.16.4, xorg-x11-server 1.17.1"}