AZL-35405

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35405.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-35405

Upstream

CVE-2024-21885

Published

2024-02-28T13:15:08Z

Modified

2026-04-21T04:28:04.516843Z

Summary

CVE-2024-21885 affecting package xorg-x11-server for versions less than 1.20.10-10

Details

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-21885

Affected packages

Azure Linux:2 / xorg-x11-server

Package

Name: xorg-x11-server
Purl: pkg:rpm/azure-linux/xorg-x11-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.20.10-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35405.json"