CVE-2025-49179
Public on 2025-06-17
Modified on 2025-06-20
Description
The RecordSanityCheckRegisterClients() function in the X Record extension implementation of the Xserver checks for the request length, but does not check for integer overflow.
A client might send a very large value for either the number of clients or the number of protocol ranges that will cause an integer overflow in the request length computation, defeating the check for request length.
A client might send a very large value for either the number of clients or the number of protocol ranges that will cause an integer overflow in the request length computation, defeating the check for request length.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | tigervnc | Pending Fix | ||
| Amazon Linux 2023 | tigervnc | Pending Fix | ||
| Amazon Linux 1 | xorg-x11-server | No Fix Planned | ||
| Amazon Linux 2 - Core | xorg-x11-server | Pending Fix | ||
| Amazon Linux 2023 | xorg-x11-server | Pending Fix | ||
| Amazon Linux 2023 | xorg-x11-server-Xwayland | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 7.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H |