CVE-2015-0255 - Vulnerability Details

Vendors	Products
Opensuse	Opensuse
Redhat	Enterprise Linux
X.org	Xorg-server

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
xorg-x11-server-0:1.15.0-26.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0797	2015-04-10T00:00:00Z
Red Hat Enterprise Linux 7
xorg-x11-server-0:1.15.0-33.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0797	2015-04-10T00:00:00Z

Link	Providers
http://advisories.mageia.org/MGASA-2015-0073.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html
http://rhn.redhat.com/errata/RHSA-2015-0797.html
http://www.debian.org/security/2015/dsa-3160
http://www.mandriva.com/security/advisories?name=MDVSA-2015:119
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/72578
http://www.ubuntu.com/usn/USN-2500-1
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
https://nvd.nist.gov/vuln/detail/CVE-2015-0255
https://security.gentoo.org/glsa/201504-06
https://www.cve.org/CVERecord?id=CVE-2015-0255

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2015:0337", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201504-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0255", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2015:0337", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-06"}, {"name": "http://advisories.mageia.org/MGASA-2015-0073.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"name": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/", "refsource": "CONFIRM", "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.448Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0337", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "GLSA-201504-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201504-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "72578", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72578"}, {"name": "MDVSA-2015:119", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "DSA-3160", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3160"}, {"name": "USN-2500-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"name": "openSUSE-SU-2015:0338", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"name": "RHSA-2015:0797", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0255", "datePublished": "2015-02-13T15:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-02-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-29T18:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : openSUSE-SU-2015:0337 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

}

2 : { »

name : GLSA-201504-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201504-06 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://advisories.mageia.org/MGASA-2015-0073.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

5 : { »

name : 72578 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/72578 (string)

}

6 : { »

name : MDVSA-2015:119 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

8 : { »

name : DSA-3160 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3160 (string)

}

9 : { »

name : USN-2500-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2500-1 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

}

11 : { »

name : openSUSE-SU-2015:0338 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html (string)

}

12 : { »

name : RHSA-2015:0797 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0797.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2015-0255 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : openSUSE-SU-2015:0337 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html (string)

}

1 : { »

name : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

}

2 : { »

name : GLSA-201504-06 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201504-06 (string)

}

3 : { »

name : http://advisories.mageia.org/MGASA-2015-0073.html (string)

refsource : CONFIRM (string)

url : http://advisories.mageia.org/MGASA-2015-0073.html (string)

}

4 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

5 : { »

name : 72578 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/72578 (string)

}

6 : { »

name : MDVSA-2015:119 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 (string)

}

7 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

8 : { »

name : DSA-3160 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3160 (string)

}

9 : { »

name : USN-2500-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2500-1 (string)

}

10 : { »

name : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

refsource : CONFIRM (string)

url : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

}

11 : { »

name : openSUSE-SU-2015:0338 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html (string)

}

12 : { »

name : RHSA-2015:0797 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0797.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:03:10.448Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : openSUSE-SU-2015:0337 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

}

2 : { »

name : GLSA-201504-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201504-06 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://advisories.mageia.org/MGASA-2015-0073.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

5 : { »

name : 72578 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/72578 (string)

}

6 : { »

name : MDVSA-2015:119 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

8 : { »

name : DSA-3160 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3160 (string)

}

9 : { »

name : USN-2500-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2500-1 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

}

11 : { »

name : openSUSE-SU-2015:0338 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html (string)

}

12 : { »

name : RHSA-2015:0797 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-0797.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2015-0255 (string)

datePublished : 2015-02-13T15:00:00 (string)

dateReserved : 2014-11-18T00:00:00 (string)

dateUpdated : 2024-08-06T04:03:10.448Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "801556AD-CFCA-4D77-B96F-A50F0CE164A7", "versionEndIncluding": "1.16.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EB1AE9F-C293-401A-9B94-1CFCD8643963", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request."}, {"lang": "es", "value": "X.Org Server (tambi\u00e9n conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria de procesos o causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry."}], "id": "CVE-2015-0255", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-13T15:59:09.367", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3160"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/72578"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201504-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0073.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0797.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2500-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201504-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 801556AD-CFCA-4D77-B96F-A50F0CE164A7 (string)

versionEndIncluding : 1.16.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6EB1AE9F-C293-401A-9B94-1CFCD8643963 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. (string)

}

1 : { »

lang : es (string)

value : X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (caída) a través de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry. (string)

}

]

id : CVE-2015-0255 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-02-13T15:59:09.367 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://advisories.mageia.org/MGASA-2015-0073.html (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html (string)

}

2 : { »

source : secalert@redhat.com (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html (string)

}

3 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0797.html (string)

}

4 : { »

source : secalert@redhat.com (string)

url : http://www.debian.org/security/2015/dsa-3160 (string)

}

5 : { »

source : secalert@redhat.com (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 (string)

}

6 : { »

source : secalert@redhat.com (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

7 : { »

source : secalert@redhat.com (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

8 : { »

source : secalert@redhat.com (string)

url : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/bid/72578 (string)

}

10 : { »

source : secalert@redhat.com (string)

url : http://www.ubuntu.com/usn/USN-2500-1 (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

}

12 : { »

source : secalert@redhat.com (string)

url : https://security.gentoo.org/glsa/201504-06 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://advisories.mageia.org/MGASA-2015-0073.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-0797.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3160 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/72578 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2500-1 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201504-06 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "This issue was discovered by Olivier Fourdan (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0797", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xorg-x11-server-0:1.15.0-26.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-10T00:00:00Z"}, {"advisory": "RHSA-2015:0797", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.15.0-33.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-04-10T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: information leak in the XkbSetGeometry request of X servers", "id": "1189062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189062"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.", "A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request."], "name": "CVE-2015-0255", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0255\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0255\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

{

acknowledgement : This issue was discovered by Olivier Fourdan (Red Hat). (string)

affected_release : [ »

0 : { »

advisory : RHSA-2015:0797 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : xorg-x11-server-0:1.15.0-26.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-04-10T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:0797 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : xorg-x11-server-0:1.15.0-33.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-04-10T00:00:00Z (string)

}

]

bugzilla : { »

description : xorg-x11-server: information leak in the XkbSetGeometry request of X servers (string)

id : 1189062 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1189062 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 3.6 (string)

cvss_scoring_vector : AV:L/AC:L/Au:N/C:P/I:N/A:P (string)

status : verified (string)

}

cwe : CWE-125 (string)

details : [ »

0 : X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. (string)

1 : A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. (string)

]

name : CVE-2015-0255 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : xorg-x11-server (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2015-02-10T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-0255 https://nvd.nist.gov/vuln/detail/CVE-2015-0255 http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ (string)

]

statement : Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object