CVE-2017-10971

moderate-risk
Published 2017-07-06

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Do I need to act?

~
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

X.Org

References (12)

http://www.debian.org/security/2017/dsa-3905
Third Party Advisory http://www.securityfocus.com/bid/99546
Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1035283
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84...
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd2...
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82...
http://www.debian.org/security/2017/dsa-3905
Third Party Advisory http://www.securityfocus.com/bid/99546
Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1035283
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84...
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd2...
Mailing List https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82...
41
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal