xorg-x11-server: denial of service
| Package(s): | xorg-x11-server | CVE #(s): | |||||
| Created: | July 5, 2013 | Updated: | July 10, 2013 | ||||
| Description: | From the openSUSE bug report: If a client sends a request larger than maxBigRequestSize, the server is supposed to ignore it. Before commit cf88363d, the server would simply disconnect the client. After that commit, it attempts to gracefully ignore the request by remembering how long the client specified the request to be, and ignoring that many bytes. However, if a client sends a BigReq header with a large size and disconnects before actually sending the rest of the specified request, the server will reuse the ConnectionInput buffer without resetting the ignoreBytes field. This makes the server ignore new X clients' requests. | ||||||
| Alerts: |
| ||||||