{
  "threat_severity" : "Important",
  "public_date" : "2020-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "xorg-x11-server: Integer underflow in the X input extension protocol",
    "id" : "1862246",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1862246"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-191",
  "details" : [ "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in xorg-x11-server. A integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.",
  "acknowledgement" : "Red Hat would like to thank X.org project for reporting this issue. Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-11-05T00:00:00Z",
    "advisory" : "RHSA-2020:4953",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xorg-x11-server-0:1.17.4-18.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4910",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "xorg-x11-server-0:1.20.4-12.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "egl-wayland-0:1.1.5-3.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libdrm-0:2.4.103-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libglvnd-1:1.3.2-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libinput-0:1.16.3-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libwacom-0:1.6-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libX11-0:1.6.8-4.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "mesa-0:20.3.3-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-drivers-0:7.7-30.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-server-0:1.20.10-1.el8",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14346\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14346\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html" ],
  "name" : "CVE-2020-14346",
  "csaw" : false
}