CVE-2022-3550

Summary

CVE: CVE-2022-3550
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-10-17 13:15:00 UTC
Updated: 2023-11-07 03:51:00 UTC
Description: A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 11.0 | All | All | All
Operating System | Fedoraproject | Fedora | 35 | All | All | All
Operating System | Fedoraproject | Fedora | 36 | All | All | All
Operating System | Fedoraproject | Fedora | 37 | All | All | All
Application | X.org | X Server | All | All | All | All
Application | X.org | X Server | - | All | All | All

References

Reference | Source | Link | Tags
X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202305-30) — Gentoo security | GENTOO | security.gentoo.org |
CVE-2022-3550 | X.org Server xkb.c _GetCountedString buffer overflow | N/A | vuldb.com |
[SECURITY] [DLA 3185-1] xorg-server security update | MLIST | lists.debian.org |
[SECURITY] Fedora 35 Update: xorg-x11-server-Xwayland-21.1.4-3.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-9.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 35 Update: xorg-x11-server-1.20.14-9.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 35 Update: xorg-x11-server-Xwayland-21.1.4-3.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 35 Update: xorg-x11-server-1.20.14-9.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-9.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
Debian -- Security Information -- DSA-5278-1 xorg-server | DEBIAN | www.debian.org | Third Party Advisory
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-9.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
xorg/xserver - X server (mirrored from https://gitlab.freedesktop.org/xorg/xserver) | N/A | cgit.freedesktop.org |
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-9.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 160255 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2022-8491)
  • 160631 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2248)
  • 160633 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2249)
  • 160677 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2805)
  • 160679 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2806)
  • 181204 Debian Security Update for xorg-server (DLA 3185-1)
  • 181209 Debian Security Update for xorg-server (DSA 5278-1)
  • 184485 Debian Security Update for xwaylandxorg-server (CVE-2022-3550)
  • 199044 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5740-1)
  • 240922 Red Hat Update for xorg-x11-server (RHSA-2022:8491)
  • 241415 Red Hat Update for xorg-x11-server (RHSA-2023:2248)
  • 241448 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2249)
  • 241510 Red Hat Update for xorg-x11-server (RHSA-2023:2806)
  • 241537 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2805)
  • 257205 CentOS Security Update for xorg-x11-server (CESA-2022:8491)
  • 283318 Fedora Security Update for xorg (FEDORA-2022-613e993500)
  • 283346 Fedora Security Update for xorg (FEDORA-2022-9100b7aafd)
  • 283347 Fedora Security Update for xorg (FEDORA-2022-5495b36bed)
  • 283431 Fedora Security Update for xorg (FEDORA-2022-64ad80875c)
  • 354353 Amazon Linux Security Advisory for xorg-x11-server : ALAS2022-2022-250
  • 354546 Amazon Linux Security Advisory for xorg-x11-server : ALAS-2022-250
  • 354658 Amazon Linux Security Advisory for xorg-x11-server : ALAS2-2023-1910
  • 355170 Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-102
  • 377785 Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX2-SA-2022:0053)
  • 378649 Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX3-SA-2023:0062)
  • 379627 Alibaba Cloud Linux Security Update for xorg-x11-server-xwayland (ALINUX3-SA-2024:0044)
  • 672610 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1344)
  • 673075 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2180)
  • 710738 Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)
  • 752751 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3841-1)
  • 752753 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3857-1)
  • 752754 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3856-1)
  • 752756 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3850-1)
  • 752757 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3863-1)
  • 752759 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:3862-1)
  • 941042 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2248)
  • 941062 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2249)
  • 941068 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2806)
  • 941119 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2805)