CVE-2024-21885
Published: 28 February 2024
Summary
CVE-2024-21885 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Fedoraproject (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, ranked at the 47.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19496
Vulnerability details
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which…
more
may lead to an application crash or remote code execution in SSH X11 forwarding environments.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.