Bug 1154325 (CVE-2019-17624) - VUL-0: CVE-2019-17624: xorg-x11-libX11,libX11: stack-based buffer overflow in the function XQueryKeymap may lead to denial of service
Summary: VUL-0: CVE-2019-17624: xorg-x11-libX11,libX11: stack-based buffer overflow in...
Status: RESOLVED INVALID
Alias: CVE-2019-17624
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/245106/
Whiteboard: CVSSv2:NVD:CVE-2019-17624:4.6:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-17 11:05 UTC by Marcus Meissner
Modified: 2019-11-05 23:50 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
xx.py (1.07 KB, text/x-python)
2019-10-17 11:05 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2019-10-17 11:05:24 UTC 
CVE-2019-17624

In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function
XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can
cause a denial of service (application crash) or possibly have unspecified other
impact.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17624
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17624.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17624
https://www.x.org/releases/individual/xserver/
https://www.exploit-db.com/exploits/47507
Comment 1 Marcus Meissner 2019-10-17 11:05:50 UTC 
Created attachment 821800 [details]
xx.py

QA REPRODUCER:

python xx.py
Comment 2 Marcus Meissner 2019-10-17 11:06:11 UTC 
The description says "server", but I only get a crash in libX11 (client side).
Comment 3 Marcus Meissner 2019-11-05 16:05:30 UTC 
was also disputed by X team