{"api_version":"1","generated_at":"2026-04-23T00:40:45+00:00","cve":"CVE-2022-46340","urls":{"html":"https://cve.report/CVE-2022-46340","api":"https://cve.report/api/cve/CVE-2022-46340.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-46340","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-46340"},"summary":{"title":"CVE-2022-46340","description":"A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-12-14 21:15:00","updated_at":"2023-05-30 06:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","name":"FEDORA-2022-c3a65f7c65","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","name":"FEDORA-2022-dd3eb7e0a8","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151755","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2151755","refsource":"MISC","tags":[],"title":"2151755 – (CVE-2022-46340) CVE-2022-46340 xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5304","name":"DSA-5304","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5304-1 xorg-server","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-12.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","name":"FEDORA-2022-721a78b7e5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2022-46340","name":"https://access.redhat.com/security/cve/CVE-2022-46340","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:0046","name":"https://access.redhat.com/errata/RHSA-2023:0046","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:0045","name":"https://access.redhat.com/errata/RHSA-2023:0045","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/","name":"FEDORA-2022-3d88188071","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-12.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202305-30","name":"https://security.gentoo.org/glsa/202305-30","refsource":"MISC","tags":[],"title":"X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202305-30) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-46340","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46340","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"46340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x","cpe5":"x.org_x11","cpe6":"1.20.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"x_server","cpe6":"1.20.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-46340","qid":"160370","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-0045)"},{"cve":"CVE-2022-46340","qid":"160375","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-0046)"},{"cve":"CVE-2022-46340","qid":"160584","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2257)"},{"cve":"CVE-2022-46340","qid":"160631","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2248)"},{"cve":"CVE-2022-46340","qid":"160633","title":"Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2249)"},{"cve":"CVE-2022-46340","qid":"160654","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2830)"},{"cve":"CVE-2022-46340","qid":"160677","title":"Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2805)"},{"cve":"CVE-2022-46340","qid":"160679","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2806)"},{"cve":"CVE-2022-46340","qid":"181435","title":"Debian Security Update for xorg-server (DSA 5304-1)"},{"cve":"CVE-2022-46340","qid":"181498","title":"Debian Security Update for xorg-server (DLA 3256-1)"},{"cve":"CVE-2022-46340","qid":"181948","title":"Debian Security Update for xwaylandxorg-server (CVE-2022-46340)"},{"cve":"CVE-2022-46340","qid":"199077","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-1)"},{"cve":"CVE-2022-46340","qid":"199494","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-2)"},{"cve":"CVE-2022-46340","qid":"241038","title":"Red Hat Update for tigervnc (RHSA-2023:0045)"},{"cve":"CVE-2022-46340","qid":"241039","title":"Red Hat Update for xorg-x11-server (RHSA-2023:0046)"},{"cve":"CVE-2022-46340","qid":"241415","title":"Red Hat Update for xorg-x11-server (RHSA-2023:2248)"},{"cve":"CVE-2022-46340","qid":"241448","title":"Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2249)"},{"cve":"CVE-2022-46340","qid":"241454","title":"Red Hat Update for tigervnc (RHSA-2023:2257)"},{"cve":"CVE-2022-46340","qid":"241510","title":"Red Hat Update for xorg-x11-server (RHSA-2023:2806)"},{"cve":"CVE-2022-46340","qid":"241514","title":"Red Hat Update for tigervnc (RHSA-2023:2830)"},{"cve":"CVE-2022-46340","qid":"241537","title":"Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2805)"},{"cve":"CVE-2022-46340","qid":"257215","title":"CentOS Security Update for xorg-x11-server (CESA-2023:0046)"},{"cve":"CVE-2022-46340","qid":"257218","title":"CentOS Security Update for tigervnc (CESA-2023:0045)"},{"cve":"CVE-2022-46340","qid":"283512","title":"Fedora Security Update for xorg (FEDORA-2022-c3a65f7c65)"},{"cve":"CVE-2022-46340","qid":"283535","title":"Fedora Security Update for xorg (FEDORA-2022-721a78b7e5)"},{"cve":"CVE-2022-46340","qid":"283540","title":"Fedora Security Update for xorg (FEDORA-2022-3d88188071)"},{"cve":"CVE-2022-46340","qid":"283559","title":"Fedora Security Update for xorg (FEDORA-2022-dd3eb7e0a8)"},{"cve":"CVE-2022-46340","qid":"354751","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1689"},{"cve":"CVE-2022-46340","qid":"355062","title":"Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-386"},{"cve":"CVE-2022-46340","qid":"355170","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-102"},{"cve":"CVE-2022-46340","qid":"377896","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX2-SA-2023:0002)"},{"cve":"CVE-2022-46340","qid":"378649","title":"Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX3-SA-2023:0062)"},{"cve":"CVE-2022-46340","qid":"378653","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX3-SA-2023:0063)"},{"cve":"CVE-2022-46340","qid":"379627","title":"Alibaba Cloud Linux Security Update for xorg-x11-server-xwayland (ALINUX3-SA-2024:0044)"},{"cve":"CVE-2022-46340","qid":"502971","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-46340","qid":"502974","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2022-46340","qid":"505838","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-46340","qid":"505841","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2022-46340","qid":"672598","title":"EulerOS Security Update for tigervnc (EulerOS-SA-2023-1340)"},{"cve":"CVE-2022-46340","qid":"672610","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1344)"},{"cve":"CVE-2022-46340","qid":"672786","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1544)"},{"cve":"CVE-2022-46340","qid":"672833","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1569)"},{"cve":"CVE-2022-46340","qid":"672888","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1775)"},{"cve":"CVE-2022-46340","qid":"672938","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1797)"},{"cve":"CVE-2022-46340","qid":"673075","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2180)"},{"cve":"CVE-2022-46340","qid":"673084","title":"EulerOS Security Update for tigervnc (EulerOS-SA-2023-2176)"},{"cve":"CVE-2022-46340","qid":"673169","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2345)"},{"cve":"CVE-2022-46340","qid":"673199","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2325)"},{"cve":"CVE-2022-46340","qid":"691025","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for xorg (9fa7b139-c1e9-409e-bed0-006aadcf5845)"},{"cve":"CVE-2022-46340","qid":"710738","title":"Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)"},{"cve":"CVE-2022-46340","qid":"753006","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4482-1)"},{"cve":"CVE-2022-46340","qid":"753007","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4481-1)"},{"cve":"CVE-2022-46340","qid":"753008","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4479-1)"},{"cve":"CVE-2022-46340","qid":"753009","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4480-1)"},{"cve":"CVE-2022-46340","qid":"753010","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4484-1)"},{"cve":"CVE-2022-46340","qid":"753011","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4483-1)"},{"cve":"CVE-2022-46340","qid":"753750","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:0657-1)"},{"cve":"CVE-2022-46340","qid":"753751","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:0656-1)"},{"cve":"CVE-2022-46340","qid":"753752","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:0655-1)"},{"cve":"CVE-2022-46340","qid":"753762","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:0683-1)"},{"cve":"CVE-2022-46340","qid":"941008","title":"AlmaLinux Security Update for tigervnc (ALSA-2023:2257)"},{"cve":"CVE-2022-46340","qid":"941042","title":"AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2248)"},{"cve":"CVE-2022-46340","qid":"941062","title":"AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2249)"},{"cve":"CVE-2022-46340","qid":"941068","title":"AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2806)"},{"cve":"CVE-2022-46340","qid":"941080","title":"AlmaLinux Security Update for tigervnc (ALSA-2023:2830)"},{"cve":"CVE-2022-46340","qid":"941119","title":"AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2805)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-46340","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"stack overflow"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"xorg-x11-server","version":{"version_data":[{"version_affected":"=","version_value":"xorg-x11-server-1.20.4"}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2022-46340","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2022-46340"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151755","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2151755"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"},{"url":"https://www.debian.org/security/2022/dsa-5304","refsource":"MISC","name":"https://www.debian.org/security/2022/dsa-5304"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"},{"url":"https://security.gentoo.org/glsa/202305-30","refsource":"MISC","name":"https://security.gentoo.org/glsa/202305-30"}]}},"nvd":{"publishedDate":"2022-12-14 21:15:00","lastModifiedDate":"2023-05-30 06:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}