CVE-2022-3550

Public on 2022-10-17

Modified on 2023-01-18

Description

A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Severity

Important

See what this means

CVSS v3 Base Score

8.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	xorg-x11-server	2023-01-18 00:16	ALAS2-2023-1910
Amazon Linux 2023	xorg-x11-server	2023-02-17 20:48	ALAS2023-2023-102

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv3	5.5	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

Red Hat: CVE-2022-3550 Mitre: CVE-2022-3550 FAQs regarding Amazon Linux ALAS/CVE Severity