CVE-2021-31535

Summary

CVE	CVE-2021-31535
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-27 13:15:00 UTC
Updated	2023-11-07 03:34:00 UTC
Description	LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	X.org	Libx11	All	All	All	All
Operating System	X.org	X Window System	All	All	All	All

References

Reference	Source	Link	Tags
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image		lists.apache.org
oss-security - libX11 security advisory: May 18, 2021	MISC	www.openwall.com
Pony Mail!	MLIST	lists.apache.org
libX11 Insufficient Length Check / Injection ≈ Packet Storm	MISC	packetstormsecurity.com
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image		lists.apache.org
Debian -- Security Information -- DSA-4920-1 libx11	DEBIAN	www.debian.org
Reject string longer than USHRT_MAX before sending them on the wire (8d2e02ae) · Commits · xorg / lib / libX11 · GitLab	MISC	gitlab.freedesktop.org
unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt	MISC	unparalleled.eu
oss-security - libx11 API Protocol Command Injection	MISC	www.openwall.com
The xorg Archives	MISC	lists.freedesktop.org
Pony Mail!	MLIST	lists.apache.org
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image		lists.apache.org
[SECURITY] Fedora 33 Update: libX11-1.7.2-3.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Using Xterm to Navigate the Huge Color Space	MISC	unparalleled.eu
[SECURITY] [DLA 2666-1] libx11 security update	MLIST	lists.debian.org
Full Disclosure: CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology	FULLDISC	seclists.org
[SECURITY] Fedora 33 Update: libX11-1.7.2-3.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
oss-security - libX11 security advisory: May 18, 2021	MLIST	www.openwall.com
X.Org X11 library: Denial of service (GLSA 202105-16) — Gentoo security	GENTOO	security.gentoo.org
libX11 security advisory: May 11, 2021	MISC	lists.x.org
CVE-2021-31535 X.Org X Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image		lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159372 Oracle Enterprise Linux Security Update for libX11 (ELSA-2021-3296)
159490 Oracle Enterprise Linux Security Update for libX11 (ELSA-2021-4326)
178606 Debian Security Update for libx11 (DLA 2666-1)
178619 Debian Security Update for libx11 (DSA 4920-1)
178634 Debian Security Update for libx11 (DSA 4920-1)
179854 Debian Security Update for libx11 (CVE-2021-31535)
198385 Ubuntu Security Notification for libx11 vulnerability (USN-4966-1)
239586 Red Hat Update for libX11 (RHSA-2021:3296)
239780 Red Hat Update for libx11 (RHSA-2021:4326)
257108 CentOS Security Update for libX11 (CESA-2021:3296)
281843 Fedora Security Update for libX11 (FEDORA-2021-62bb9998b2)
296059 Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)
352474 Amazon Linux Security Advisory for libX11: ALAS-2021-1517
352488 Amazon Linux Security Advisory for libX11: ALAS2-2021-1686
352824 Amazon Linux Security Advisory for libX11: AL2012-2021-348
377071 Alibaba Cloud Linux Security Update for libx11 (ALINUX2-SA-2021:0052)
500335 Alpine Linux Security Update for libx11
501422 Alpine Linux Security Update for libx11
504100 Alpine Linux Security Update for libx11
670647 EulerOS Security Update for libX11 (EulerOS-SA-2021-2405)
670714 EulerOS Security Update for libX11 (EulerOS-SA-2021-2472)
670749 EulerOS Security Update for libX11 (EulerOS-SA-2021-2507)
670776 EulerOS Security Update for libX11 (EulerOS-SA-2021-2534)
670800 EulerOS Security Update for libX11 (EulerOS-SA-2021-2558)
670898 EulerOS Security Update for libX11 (EulerOS-SA-2021-2558)
690123 Free Berkeley Software Distribution (FreeBSD) Security Update for libx11 (58d6ed66-c2e8-11eb-9fb0-6451062f0f7a)
710100 Gentoo Linux X.Org X11 library Denial of service vulnerability (GLSA 202105-16)
750037 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1766-1)
750039 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1765-1)
750043 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1766-1)
750045 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1765-1)
750061 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1765-1)
750122 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1892-1)
750130 SUSE Enterprise Linux Security Update for libX11 (SUSE-SU-2021:1897-1)
750167 OpenSUSE Security Update for libX11 (openSUSE-SU-2021:0857-1)
750186 OpenSUSE Security Update for libX11 (openSUSE-SU-2021:0807-1)
750801 OpenSUSE Security Update for libX11 (openSUSE-SU-2021:1897-1)
905131 Common Base Linux Mariner (CBL-Mariner) Security Update for libX11 (12509)
940177 AlmaLinux Security Update for libX11 (ALSA-2021:4326)
960405 Rocky Linux Security Update for libX11 (RLSA-2021:4326)