FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
57561cfc-f24b-11ee-9730-001fc69cd6dc	xorg server -- Multiple vulnerabilities The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server. CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server. CVE-2024-31083: User-after-free in ProcRenderAddGlyphs The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used. Discovery 2024-04-03 Entry 2024-04-04 xorg-server xephyr xorg-vfbserver < 21.1.12,1 xorg-nextserver < 21.1.12,2 xwayland < 23.2.5 xwayland-devel ge 21.0.99.1.672 lt 21.0.99.1.841_1 < 21.0.99.1.671_1 CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 https://lists.x.org/archives/xorg-announce/2024-April/003497.html
7467c611-b490-11ee-b903-001fc69cd6dc	xorg server -- Multiple vulnerabilities The X.Org project reports: CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only allocating space for the device's number of buttons, leading to a heap overflow if a bigger value was used. CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access If a device has both a button class and a key class and numButtons is zero, we can get an out-of-bounds write due to event under-allocation in the DeliverStateNotifyEvent function. CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent The XISendDeviceHierarchyEvent() function allocates space to store up to MAXDEVICES (256) xXIHierarchyInfo structures in info. If a device with a given ID was removed and a new device with the same ID added both in the same operation, the single device ID will lead to two info structures being written to info. Since this case can occur for every device ID at once, a total of two times MAXDEVICES info structures might be written to the allocation, leading to a heap buffer overflow. CVE-2024-21886: Heap buffer overflow in DisableDevice The DisableDevice() function is called whenever an enabled device is disabled and it moves the device from the inputInfo.devices linked list to the inputInfo.off_devices linked list. However, its link/unlink operation has an issue during the recursive call to DisableDevice() due to the prev pointer pointing to a removed device. This issue leads to a length mismatch between the total number of devices and the number of device in the list, leading to a heap overflow and, possibly, to local privilege escalation. Discovery 2024-01-16 Entry 2024-01-16 xorg-server xephyr xorg-vfbserver < 21.1.11,1 xorg-nextserver < 21.1.11,2 xwayland < 23.2.4 xwayland-devel < 21.0.99.1.653 CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 https://lists.x.org/archives/xorg/2024-January/061525.html

VuXML ID

Description

57561cfc-f24b-11ee-9730-001fc69cd6dc

xorg server -- Multiple vulnerabilities

The X.Org project reports:

CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
The ProcXIGetSelectedEvents() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server.

CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used.

Discovery 2024-04-03
Entry 2024-04-04
xorg-server
xephyr
xorg-vfbserver

< 21.1.12,1

xorg-nextserver

< 21.1.12,2

xwayland

< 23.2.5

xwayland-devel

ge 21.0.99.1.672 lt 21.0.99.1.841_1

< 21.0.99.1.671_1

CVE-2024-31080
CVE-2024-31081
CVE-2024-31083
https://lists.x.org/archives/xorg-announce/2024-April/003497.html

7467c611-b490-11ee-b903-001fc69cd6dc

xorg server -- Multiple vulnerabilities

The X.Org project reports:

CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255 but the X.Org Server was only allocating space for the device's number of buttons, leading to a heap overflow if a bigger value was used.

CVE-2024-0229: Reattaching to different master device may lead to out-of-bounds memory access
If a device has both a button class and a key class and numButtons is zero, we can get an out-of-bounds write due to event under-allocation in the DeliverStateNotifyEvent function.

CVE-2024-21885: Heap buffer overflow in XISendDeviceHierarchyEvent
The XISendDeviceHierarchyEvent() function allocates space to store up to MAXDEVICES (256) xXIHierarchyInfo structures in info. If a device with a given ID was removed and a new device with the same ID added both in the same operation, the single device ID will lead to two info structures being written to info. Since this case can occur for every device ID at once, a total of two times MAXDEVICES info structures might be written to the allocation, leading to a heap buffer overflow.

CVE-2024-21886: Heap buffer overflow in DisableDevice
The DisableDevice() function is called whenever an enabled device is disabled and it moves the device from the inputInfo.devices linked list to the inputInfo.off_devices linked list. However, its link/unlink operation has an issue during the recursive call to DisableDevice() due to the prev pointer pointing to a removed device. This issue leads to a length mismatch between the total number of devices and the number of device in the list, leading to a heap overflow and, possibly, to local privilege escalation.

Discovery 2024-01-16
Entry 2024-01-16
xorg-server
xephyr
xorg-vfbserver

< 21.1.11,1

xorg-nextserver

< 21.1.11,2

xwayland

< 23.2.4

xwayland-devel

< 21.0.99.1.653

CVE-2023-6816
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
https://lists.x.org/archives/xorg/2024-January/061525.html