CVE-2024-21885

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-21885

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21885.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-21885

Downstream

AZL-35405

AZL-44142

BELL-CVE-2024-21885

DEBIAN-CVE-2024-21885

DLA-3721-1

DSA-5603-1

MGASA-2024-0022

OESA-2024-1102

RHSA-2024:0320

RHSA-2024:0557

RHSA-2024:0558

RHSA-2024:0597

RHSA-2024:0607

RHSA-2024:0614

RHSA-2024:0617

RHSA-2024:0621

RHSA-2024:0626

RHSA-2024:0629

RHSA-2024:2169

RHSA-2024:2170

RHSA-2024:2995

RHSA-2024:2996

RHSA-2025:12751

RLSA-2024:0607

SUSE-SU-2024:0109-1

SUSE-SU-2024:0111-1

SUSE-SU-2024:0114-1

SUSE-SU-2024:0116-1

SUSE-SU-2024:0121-1

SUSE-SU-2024:0165-1

UBUNTU-CVE-2024-21885

USN-6587-1

USN-6587-2

USN-6587-5

openSUSE-SU-2024:13597-1

openSUSE-SU-2024:13598-1

Related

Published

2024-02-28T12:11:59.650Z

Modified

2026-05-15T04:08:57.600056313Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent

Details

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.

Database specific

{
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21885.json",
    "cna_assigner": "redhat"
}

References

Affected packages