CVE-2021-31535

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31535
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31535.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31535
Related
Published
2021-05-27T13:15:08Z
Modified
2024-09-18T03:14:23.897403Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

References

Affected packages

Alpine:v3.10 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.12-r1

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.10-r0
1.6.12-r0

Alpine:v3.11 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.12-r1

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.12-r0

Alpine:v3.12 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.12-r1

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0

Alpine:v3.13 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.14 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.15 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.16 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.17 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.18 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.19 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Alpine:v3.20 / libx11

Package

Name
libx11
Purl
pkg:apk/alpine/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-r0

Affected versions

1.*

1.1.99.2-r0
1.1.99.2-r1
1.2-r0
1.2.1-r0
1.2.2-r0
1.3-r0
1.3.2-r0
1.3.3-r0
1.3.3-r1
1.3.4-r0
1.3.5-r0
1.3.6-r0
1.4.0-r0
1.4.1-r0
1.4.1-r1
1.4.2-r0
1.4.3-r0
1.4.3-r1
1.4.3-r2
1.4.3-r3
1.4.4-r0
1.4.99.1-r0
1.4.99.901-r0
1.5.0-r0
1.5.99.902-r0
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.3-r0
1.6.3-r1
1.6.3-r2
1.6.4-r0
1.6.5-r0
1.6.5-r1
1.6.5-r2
1.6.6-r0
1.6.7-r0
1.6.8-r0
1.6.8-r1
1.6.9-r0
1.6.10-r0
1.6.11-r0
1.6.12-r0
1.7.0-r0

Debian:11 / libx11

Package

Name
libx11
Purl
pkg:deb/debian/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:1.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libx11

Package

Name
libx11
Purl
pkg:deb/debian/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:1.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libx11

Package

Name
libx11
Purl
pkg:deb/debian/libx11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:1.7.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/mirror/libx11

Affected ranges

Type
GIT
Repo
https://github.com/mirror/libx11
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.freedesktop.org/xorg/lib/libx11
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

MODULAR_COPY
XACE-SELINUX-MERGE
XORG-6_7_99_1
XORG-6_7_99_2
XORG-6_7_99_902
XORG-6_7_99_903
XORG-6_8_1
XORG-6_8_99_10
XORG-6_8_99_13
XORG-6_8_99_14
XORG-6_8_99_15
XORG-6_8_99_6
XORG-6_8_99_7
XORG-6_8_99_9
XORG-6_8_99_900
XORG-6_8_99_901
XORG-6_8_99_902
XORG-6_8_99_903
XORG-6_99_99_900
XORG-6_99_99_901
XORG-6_99_99_902
XORG-6_99_99_903
XORG-6_99_99_904
XORG-MAIN
libX11-1_0_1
libX11-1_0_2
libX11-1_0_3

libX11-1.*

libX11-1.0.99.1
libX11-1.0.99.2
libX11-1.1
libX11-1.1-RC1
libX11-1.1-RC2
libX11-1.1.1
libX11-1.1.2
libX11-1.1.3
libX11-1.1.4
libX11-1.1.99.2
libX11-1.2
libX11-1.2.1
libX11-1.2.2
libX11-1.2.99.901
libX11-1.3
libX11-1.3.1
libX11-1.3.2
libX11-1.3.3
libX11-1.3.4
libX11-1.3.99.901
libX11-1.3.99.902
libX11-1.3.99.903
libX11-1.4.0
libX11-1.4.1
libX11-1.4.2
libX11-1.4.3
libX11-1.4.4
libX11-1.4.99.1
libX11-1.4.99.901
libX11-1.4.99.902
libX11-1.5.0
libX11-1.5.99.901
libX11-1.5.99.902
libX11-1.6.0
libX11-1.6.1
libX11-1.6.10
libX11-1.6.11
libX11-1.6.12
libX11-1.6.2
libX11-1.6.3
libX11-1.6.4
libX11-1.6.5
libX11-1.6.6
libX11-1.6.7
libX11-1.6.8
libX11-1.6.9
libX11-1.7.0