Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2021-31535

EPSS 2.06% · P84
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-31535

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
X.Org libX11 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
X.Org libX11是X.Org(X.org)基金会的一个X11(X Window系统)客户端库。 libX11 存在输入验证错误漏洞,该漏洞源于XLookupColor和其他X库函数缺乏对其字符串参数长度的适当验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-31535

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-31535

登录查看更多情报信息。

Vendor Advisories for CVE-2021-31535 (3)

Mailing List Discussions for CVE-2021-31535 (10)

Security Blog Posts for CVE-2021-31535 (1)

Other References for CVE-2021-31535 (2)

Same Patch Batch · n/a · 2021-05-27 · 74 CVEs total

CVE-2020-22025FFmpeg 缓冲区错误漏洞
CVE-2020-14329Red Hat Ansible 信息泄露漏洞
CVE-2020-10688Red Hat Resteasy 跨站脚本漏洞
CVE-2020-22033FFmpeg 缓冲区错误漏洞
CVE-2020-22032FFmpeg 缓冲区错误漏洞
CVE-2020-22016FFmpeg 缓冲区错误漏洞
CVE-2020-22017FFmpeg 缓冲区错误漏洞
CVE-2021-33394Devellion Cubecart 授权问题漏洞
CVE-2020-22022FFmpeg 缓冲区错误漏洞
CVE-2020-22023FFmpeg 缓冲区错误漏洞
CVE-2020-10697Red Hat Ansible 安全漏洞
CVE-2020-22027FFmpeg 缓冲区错误漏洞
CVE-2020-22030FFmpeg 缓冲区错误漏洞
CVE-2020-22029FFmpeg 缓冲区错误漏洞
CVE-2020-22031FFmpeg 缓冲区错误漏洞
CVE-2021-27490Siemens Solid Edge 缓冲区错误漏洞
CVE-2021-27492Siemens Solid Edge 代码问题漏洞
CVE-2021-27488Siemens Solid Edge 缓冲区错误漏洞
CVE-2021-27496Siemens Solid Edge 安全漏洞
CVE-2021-27494Siemens Solid Edge 安全漏洞

Showing top 20 of 74 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-31535

No comments yet

Leave a comment