The overflow would occur when a maliciously crafted string was passed to the function and lead to a crash or potentially arbitrary code execution. An attacker could leverage this vulnerability to execute code in the context of the user running the application, or in the context of the X server if X11 forwarding or remote access were enabled.
PicoC is a small, easy to use and fast Xorg server. It’s possible that attackers could leverage this vulnerability to execute code with system privileges on the affected system.
Additionally, PicoC is a small server with relatively few hardening features. A malicious user with elevated privileges could potentially exploit this vulnerability to gain access to elevated privileges.
Vuln-Tracker ID: 1319056
CVE ID: CVE-2018-10938, CVE-2018-10939, CVE-2018-10940, CVE-2018-10941, CVE-2018-10942, CVE-2018-10943, CVE-2018-10946, CVE-2018-10947, CVE-2018-10948, CVE-2018-10949, CVE-2018-10952, CVE-2018-10953, CVE-2018-10954, CVE-2018-10955, CVE-2018-10956, CVE-2018-10957, CVE-2018-10958, CVE-2018-10959, CVE-2018-10960, CVE-2018-10961, CVE-
Mitigation
The vulnerability can be mitigated by disabling X11 forwarding and remote access.
Vulnerability details
Type: Local
Impact: Elevation of privilege, remote code execution
CVE ID: CVE-2018-10938, CVE-2018-10939, CVE-2018-10940, CVE-2018-10941, CVE-2018-10942, CVE-2018-10943, CVE-2018-10946, CVE-2018-10947, CVE-2018-10948, CVE-2018-10949, CVE-2018
PicoC =
Small, easy to use
PicoC is a small, easy-to-use Xorg server.
Timeline
Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/08/2022 21:56:00 UTC