CVE-2024-21885

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21885

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21885.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-21885

Downstream

BELL-CVE-2024-21885

DEBIAN-CVE-2024-21885

DLA-3721-1

DSA-5603-1

OESA-2024-1102

RHSA-2024:0320

RHSA-2024:0557

RHSA-2024:0558

RHSA-2024:0597

RHSA-2024:0607

RHSA-2024:0614

RHSA-2024:0617

RHSA-2024:0621

RHSA-2024:0626

RHSA-2024:0629

RHSA-2024:2169

RHSA-2024:2170

RHSA-2024:2995

RHSA-2024:2996

RHSA-2025:12751

SUSE-SU-2024:0109-1

SUSE-SU-2024:0111-1

SUSE-SU-2024:0114-1

SUSE-SU-2024:0116-1

SUSE-SU-2024:0121-1

SUSE-SU-2024:0165-1

UBUNTU-CVE-2024-21885

USN-6587-1

USN-6587-2

USN-6587-5

openSUSE-SU-2024:13597-1

openSUSE-SU-2024:13598-1

Related

Published

2024-02-28T13:15:08Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

References

Affected packages