Updated: 2025-09-03 22:59:10.477855
Description:
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
Links: NIST | CIRCL | RHEL | Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.3 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | xorg-x11-server-Xwayland | 21.1.3 | 7.3 | HIGH | Released | CLSA-2025:1764027165 | 2025-11-25 02:26:43 | |
| AlmaLinux 9.2 ESU | tigervnc | 1.12.0 | 7.3 | HIGH | Released | CLSA-2025:1752921642 | 2025-07-20 01:39:16 | |
| CentOS 7 ELS | xorg-x11-server | 1.20.4 | 7.3 | HIGH | Released | CLSA-2025:1757501564 | 2025-09-24 17:02:46 | |
| Oracle Linux 7 ELS | xorg-x11-server | 1.20.4 | 7.3 | HIGH | Already Fixed | | 2025-11-18 15:06:53 | |
| Oracle Linux 7 ELS | tigervnc | 1.8.0 | 7.3 | HIGH | Released | CLSA-2025:1760646561 | 2025-10-17 05:31:01 | |
| RHEL 7 ELS | xorg-x11-server | 1.20.4 | 7.3 | HIGH | Released | CLSA-2025:1757499160 | 2025-09-10 13:41:29 | |