{"api_version":"1","generated_at":"2026-04-23T00:42:27+00:00","cve":"CVE-2022-46343","urls":{"html":"https://cve.report/CVE-2022-46343","api":"https://cve.report/api/cve/CVE-2022-46343.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-46343","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-46343"},"summary":{"title":"CVE-2022-46343","description":"A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-12-14 21:15:00","updated_at":"2023-05-30 06:15:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","name":"FEDORA-2022-c3a65f7c65","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","name":"FEDORA-2022-dd3eb7e0a8","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5304","name":"DSA-5304","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5304-1 xorg-server","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151758","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2151758","refsource":"MISC","tags":[],"title":"2151758 – (CVE-2022-46343) CVE-2022-46343 xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","name":"FEDORA-2022-721a78b7e5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:0046","name":"https://access.redhat.com/errata/RHSA-2023:0046","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:0045","name":"https://access.redhat.com/errata/RHSA-2023:0045","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202305-30","name":"https://security.gentoo.org/glsa/202305-30","refsource":"MISC","tags":[],"title":"X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202305-30) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2022-46343","name":"https://access.redhat.com/security/cve/CVE-2022-46343","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-46343","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46343","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"46343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"46343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"x_server","cpe6":"1.20.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-46343","qid":"160370","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-0045)"},{"cve":"CVE-2022-46343","qid":"160375","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-0046)"},{"cve":"CVE-2022-46343","qid":"160584","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2257)"},{"cve":"CVE-2022-46343","qid":"160631","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2248)"},{"cve":"CVE-2022-46343","qid":"160633","title":"Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2249)"},{"cve":"CVE-2022-46343","qid":"160654","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2830)"},{"cve":"CVE-2022-46343","qid":"160677","title":"Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2805)"},{"cve":"CVE-2022-46343","qid":"160679","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2806)"},{"cve":"CVE-2022-46343","qid":"181435","title":"Debian Security Update for xorg-server (DSA 5304-1)"},{"cve":"CVE-2022-46343","qid":"181498","title":"Debian Security Update for xorg-server (DLA 3256-1)"},{"cve":"CVE-2022-46343","qid":"182184","title":"Debian Security Update for xwaylandxorg-server (CVE-2022-46343)"},{"cve":"CVE-2022-46343","qid":"199077","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-1)"},{"cve":"CVE-2022-46343","qid":"199494","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-2)"},{"cve":"CVE-2022-46343","qid":"241038","title":"Red Hat Update for tigervnc (RHSA-2023:0045)"},{"cve":"CVE-2022-46343","qid":"241039","title":"Red Hat Update for xorg-x11-server (RHSA-2023:0046)"},{"cve":"CVE-2022-46343","qid":"241415","title":"Red Hat Update for xorg-x11-server (RHSA-2023:2248)"},{"cve":"CVE-2022-46343","qid":"241448","title":"Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2249)"},{"cve":"CVE-2022-46343","qid":"241454","title":"Red Hat Update for tigervnc (RHSA-2023:2257)"},{"cve":"CVE-2022-46343","qid":"241510","title":"Red Hat Update for xorg-x11-server (RHSA-2023:2806)"},{"cve":"CVE-2022-46343","qid":"241514","title":"Red Hat Update for tigervnc (RHSA-2023:2830)"},{"cve":"CVE-2022-46343","qid":"241537","title":"Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2805)"},{"cve":"CVE-2022-46343","qid":"257215","title":"CentOS Security Update for xorg-x11-server (CESA-2023:0046)"},{"cve":"CVE-2022-46343","qid":"257218","title":"CentOS Security Update for tigervnc (CESA-2023:0045)"},{"cve":"CVE-2022-46343","qid":"283512","title":"Fedora Security Update for xorg (FEDORA-2022-c3a65f7c65)"},{"cve":"CVE-2022-46343","qid":"283535","title":"Fedora Security Update for xorg (FEDORA-2022-721a78b7e5)"},{"cve":"CVE-2022-46343","qid":"283559","title":"Fedora Security Update for xorg (FEDORA-2022-dd3eb7e0a8)"},{"cve":"CVE-2022-46343","qid":"354751","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1689"},{"cve":"CVE-2022-46343","qid":"355062","title":"Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-386"},{"cve":"CVE-2022-46343","qid":"355170","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-102"},{"cve":"CVE-2022-46343","qid":"377896","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX2-SA-2023:0002)"},{"cve":"CVE-2022-46343","qid":"378649","title":"Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX3-SA-2023:0062)"},{"cve":"CVE-2022-46343","qid":"378653","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX3-SA-2023:0063)"},{"cve":"CVE-2022-46343","qid":"379627","title":"Alibaba Cloud Linux Security Update for xorg-x11-server-xwayland (ALINUX3-SA-2024:0044)"},{"cve":"CVE-2022-46343","qid":"502971","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-46343","qid":"502974","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2022-46343","qid":"505838","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-46343","qid":"505841","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2022-46343","qid":"672598","title":"EulerOS Security Update for tigervnc (EulerOS-SA-2023-1340)"},{"cve":"CVE-2022-46343","qid":"672610","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1344)"},{"cve":"CVE-2022-46343","qid":"672786","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1544)"},{"cve":"CVE-2022-46343","qid":"672833","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1569)"},{"cve":"CVE-2022-46343","qid":"672888","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1775)"},{"cve":"CVE-2022-46343","qid":"672938","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1797)"},{"cve":"CVE-2022-46343","qid":"673075","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2180)"},{"cve":"CVE-2022-46343","qid":"673084","title":"EulerOS Security Update for tigervnc (EulerOS-SA-2023-2176)"},{"cve":"CVE-2022-46343","qid":"673169","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2345)"},{"cve":"CVE-2022-46343","qid":"673199","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2325)"},{"cve":"CVE-2022-46343","qid":"691025","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for xorg (9fa7b139-c1e9-409e-bed0-006aadcf5845)"},{"cve":"CVE-2022-46343","qid":"710738","title":"Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)"},{"cve":"CVE-2022-46343","qid":"753006","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4482-1)"},{"cve":"CVE-2022-46343","qid":"753007","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4481-1)"},{"cve":"CVE-2022-46343","qid":"753008","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4479-1)"},{"cve":"CVE-2022-46343","qid":"753009","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4480-1)"},{"cve":"CVE-2022-46343","qid":"753010","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4484-1)"},{"cve":"CVE-2022-46343","qid":"753011","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4483-1)"},{"cve":"CVE-2022-46343","qid":"941008","title":"AlmaLinux Security Update for tigervnc (ALSA-2023:2257)"},{"cve":"CVE-2022-46343","qid":"941042","title":"AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2248)"},{"cve":"CVE-2022-46343","qid":"941062","title":"AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2249)"},{"cve":"CVE-2022-46343","qid":"941068","title":"AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2806)"},{"cve":"CVE-2022-46343","qid":"941080","title":"AlmaLinux Security Update for tigervnc (ALSA-2023:2830)"},{"cve":"CVE-2022-46343","qid":"941119","title":"AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2805)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-46343","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"use-after-free"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"xorg-x11-server","version":{"version_data":[{"version_affected":"=","version_value":"xorg-x11-server-1.20.4"}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2022-46343","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2022-46343"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151758","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2151758"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"},{"url":"https://www.debian.org/security/2022/dsa-5304","refsource":"MISC","name":"https://www.debian.org/security/2022/dsa-5304"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"},{"url":"https://security.gentoo.org/glsa/202305-30","refsource":"MISC","name":"https://security.gentoo.org/glsa/202305-30"}]}},"nvd":{"publishedDate":"2022-12-14 21:15:00","lastModifiedDate":"2023-05-30 06:15:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}