CVE-2025-49179

Public on 2025-06-17
Modified on 2025-06-20
Description
The RecordSanityCheckRegisterClients() function in the X Record extension implementation of the Xserver checks for the request length, but does not check for integer overflow.

A client might send a very large value for either the number of clients or the number of protocol ranges that will cause an integer overflow in the request length computation, defeating the check for request length.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
6.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core tigervnc 2025-07-10 ALAS2-2025-2917 Fixed
Amazon Linux 2023 tigervnc 2025-07-10 ALAS2023-2025-1060 Fixed
Amazon Linux 1 xorg-x11-server No Fix Planned
Amazon Linux 2 - Core xorg-x11-server 2025-07-10 ALAS2-2025-2918 Fixed
Amazon Linux 2023 xorg-x11-server 2025-07-10 ALAS2023-2025-1061 Fixed
Amazon Linux 2023 xorg-x11-server-Xwayland 2025-07-10 ALAS2023-2025-1062 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
NVD CVSSv3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H