CVE-2016-7945 - OpenCVE

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
X.org	Libxi
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:o:fedoraproject:fedora:24:::::::*
	cpe:2.3:o:fedoraproject:fedora:25:::::::*

Configuration 2 [-]

cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/10/04/2
http://www.openwall.com/lists/oss-security/2016/10/04/4
http://www.securityfocus.com/bid/93364
http://www.securitytracker.com/id/1036945
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/
https://lists.x.org/archives/xorg-announce/2016-October/002720.html
https://security.gentoo.org/glsa/201704-03

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2016-12-13T20:00:00

Updated: 2021-01-06T16:15:57

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7945

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-13T20:59:10.287

Modified: 2023-11-07T02:35:18.260

Link: CVE-2016-7945

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:57", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "FEDORA-2016-8b122b0997", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"}, {"name": "1036945", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036945"}, {"name": "GLSA-201704-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201704-03"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"}, {"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"name": "FEDORA-2016-cabb6d7ef7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"}, {"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}, {"name": "93364", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93364"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "ID": "CVE-2016-7945", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2016-8b122b0997", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"}, {"name": "1036945", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036945"}, {"name": "GLSA-201704-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-03"}, {"name": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5", "refsource": "CONFIRM", "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"}, {"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"name": "FEDORA-2016-cabb6d7ef7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"}, {"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}, {"name": "93364", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93364"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-7945", "datePublished": "2016-12-13T20:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2021-01-06T16:15:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxi:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC62AF0F-A048-424F-ABEC-E36BF55D1081", "versionEndIncluding": "1.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en X.org libXi en versiones anteriores a 1.7.7 permite a servidores remotos X provocar una denegaci\u00f3n de servicio (acceso de memoria fuera de datos o bucle infinito) a trav\u00e9s de vectores que involucran campos de longitud."}], "id": "CVE-2016-7945", "lastModified": "2023-11-07T02:35:18.260", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-13T20:59:10.287", "references": [{"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"}, {"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/93364"}, {"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1036945"}, {"source": "security@opentext.com", "url": "https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5"}, {"source": "security@opentext.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP/"}, {"source": "security@opentext.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVTZ2XLPKLASQUIQA2GMKKAUOQIUMM7I/"}, {"source": "security@opentext.com", "url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"}, {"source": "security@opentext.com", "url": "https://security.gentoo.org/glsa/201704-03"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}