{"api_version":"1","generated_at":"2026-04-22T22:58:02+00:00","cve":"CVE-2020-14344","urls":{"html":"https://cve.report/CVE-2020-14344","api":"https://cve.report/api/cve/CVE-2020-14344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14344"},"summary":{"title":"CVE-2020-14344","description":"An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implemented in libX11 before version 1.6.10. As per upstream, this is security-relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-08-05 14:15:00","updated_at":"2023-11-07 03:17:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","name":"FEDORA-2020-cf0afbd27e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: libX11-1.6.12-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html","name":"openSUSE-SU-2020:1162","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1162-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.x.org/archives/xorg-announce/2020-July/003050.html","name":"https://lists.x.org/archives/xorg-announce/2020-July/003050.html","refsource":"MISC","tags":["Mailing List","Patch","Vendor Advisory"],"title":"X.Org security advisory: July 31, 2020: 
libX11","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/","name":"FEDORA-2020-9a0b272cc1","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: libX11-1.6.12-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/","name":"FEDORA-2020-9a0b272cc1","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: libX11-1.6.12-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202008-18","name":"GLSA-202008-18","refsource":"GENTOO","tags":[],"title":"X.Org X11 library: Multiple vulnerabilities (GLSA 202008-18) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html","name":"openSUSE-SU-2020:1198","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1198-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html","name":"openSUSE-SU-2020:1182","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1182-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1862255 – (CVE-2020-14344) CVE-2020-14344 libX11: Heap overflow in the X input method 
client","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/","name":"FEDORA-2020-eba554b9d5","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: libX11-1.6.12-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/","name":"FEDORA-2020-cf0afbd27e","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: libX11-1.6.12-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4487-1/","name":"USN-4487-1","refsource":"UBUNTU","tags":[],"title":"USN-4487-1: libx11 vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2020/07/31/1","name":"https://www.openwall.com/lists/oss-security/2020/07/31/1","refsource":"MISC","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Fwd: X.Org security advisory: July 31, 2020: libX11","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/","name":"FEDORA-2020-eba554b9d5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: libX11-1.6.12-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html","name":"openSUSE-SU-2020:1164","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:1164-1: important: Security 
update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4487-2/","name":"USN-4487-2","refsource":"UBUNTU","tags":[],"title":"USN-4487-2: libx11 vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","v
ersionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"libx11","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14344","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"libx11","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14344","qid":"159217","title":"Oracle Enterprise Linux Security Update for userspace graphics, xorg-x11, and mesa (ELSA-2021-1804)"},{"cve":"CVE-2020-14344","qid":"239300","title":"Red Hat Update for userspace graphics, xorg-x11, and mesa 
(RHSA-2021:1804)"},{"cve":"CVE-2020-14344","qid":"352393","title":"Amazon Linux Security Advisory for libX11: ALAS2-2021-1661"},{"cve":"CVE-2020-14344","qid":"377380","title":"Alibaba Cloud Linux Security Update for userspace graphics, xorg-x11, and mesa (ALINUX3-SA-2022:0087)"},{"cve":"CVE-2020-14344","qid":"377568","title":"Alibaba Cloud Linux Security Update for userspace graphics, xorg-x11, and mesa (ALINUX3-SA-2022:0114)"},{"cve":"CVE-2020-14344","qid":"500333","title":"Alpine Linux Security Update for libx11"},{"cve":"CVE-2020-14344","qid":"504097","title":"Alpine Linux Security Update for libx11"},{"cve":"CVE-2020-14344","qid":"690459","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for libx11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)"},{"cve":"CVE-2020-14344","qid":"940098","title":"AlmaLinux Security Update for userspace (ALSA-2021:1804)"},{"cve":"CVE-2020-14344","qid":"960449","title":"Rocky Linux Security Update for userspace (RLSA-2021:1804)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14344","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"The X11 
Project","product":{"product_data":[{"product_name":"libX11","version":{"version_data":[{"version_value":"1.6.10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190"}]}]},"references":{"reference_data":[{"url":"https://lists.x.org/archives/xorg-announce/2020-July/003050.html","refsource":"MISC","name":"https://lists.x.org/archives/xorg-announce/2020-July/003050.html"},{"url":"https://www.openwall.com/lists/oss-security/2020/07/31/1","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2020/07/31/1"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14344","refsource":"CONFIRM"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1162","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00014.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1164","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00015.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1182","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00024.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1198","url":"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00031.html"},{"refsource":"FEDORA","name":"FEDORA-2020-eba554b9d5","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XY4H2SIEF2362AMNX5ZKWAELGU7LKFJB/"},{"refsource":"GENTOO","name":"GLSA-202008-18","url":"https://security.gentoo.org/glsa/202008-18"},{"refsource":"UBUNTU","name":"USN-4487-1","url":"https://usn.ubuntu.com/4487-1/"},{"refsource":"FEDORA","name":"FEDORA-2020-9a0b272cc1","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VDDSAYV7XGNRCXE7HCU23645MG74OFF/"},{"refsource":"UBUNTU","name":"USN-4487-2","url":"https://usn.ubuntu.com/4487-2/"},{"refsource":"FEDORA","name":"FEDORA-2020-cf0afbd27e","url":"https://lists.fedoraproject.or
g/archives/list/package-announce@lists.fedoraproject.org/message/7AVXCQOSCAPKYYHFIJAZ6E2C7LJBTLXF/"}]},"description":{"description_data":[{"lang":"eng","value":"An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux."}]},"impact":{"cvss":[[{"vectorString":"6.7/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-08-05 14:15:00","lastModifiedDate":"2023-11-07 03:17:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedora
project:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14344","Ordinal":"175574","Title":"CVE-2020-14344","CVE":"CVE-2020-14344","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14344","Ordinal":"1","NoteData":"An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14344","Ordinal":"2","NoteData":"2020-08-05","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14344","Ordinal":"3","NoteData":"2020-09-25","Type":"Other","Title":"Modified"}]}}}