This repository has been archived by the owner on Apr 28, 2021. It is now read-only.

"CVE-2013-2063" and "CVE-2016-7951" are detected as vulnerabilities in libxt #56

Open
s-miyaza opened this issue Oct 7, 2020 · 0 comments

s-miyaza commented Oct 7, 2020

The libxtst vulnerability is mistakenly detected as a libxt vulnerability.

    {
      "resource": {
        "format": "apk",
        "name": "libxt",
        "version": "1.2.0-r0",
        "arch": "x86_64",
        "cpe": "pkg:/alpine:3.12.0:libxt:1.2.0-r0",
        "license": "custom",
        "name_hash": "f885026e0a7c2b558706ab9971d3ab56"
      },
      "scanned": true,
      "vulnerabilities": [
        {
          "name": "CVE-2013-2063",
          "description": "Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.",
          "nvd_score": 6.8,
          "nvd_score_version": "CVSS v2",
          "nvd_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "nvd_severity": "medium",
          "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2063",
          "vendor_score": 6.8,
          "vendor_score_version": "CVSS v2",
          "vendor_vectors": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "vendor_severity": "medium",
          "publish_date": "2013-06-15",
          "modification_date": "2013-11-25"
        },
        {
          "name": "CVE-2016-7951",
          "description": "Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.",
          "nvd_score": 7.5,
          "nvd_score_version": "CVSS v2",
          "nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "nvd_severity": "high",
          "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7951",
          "vendor_score": 7.5,
          "vendor_score_version": "CVSS v2",
          "vendor_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "vendor_severity": "high",
          "publish_date": "2016-12-13",
          "modification_date": "2020-08-27",
          "nvd_score_v3": 9.8,
          "nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "nvd_severity_v3": "critical",
          "vendor_score_v3": 9.8,
          "vendor_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "vendor_severity_v3": "critical"
        }
      ]
    }
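
A triage check for this kind of false positive, as an added example (not code from the scanner or from the issue author): it flags findings whose CVE description names a product that only shares a prefix with the scanned package name. The sample record is constructed from the output above, and the function names and matching rule are assumptions for illustration.

```python
import re

# Constructed sample in the shape of the scan result quoted in the issue,
# trimmed to the fields this check reads.
SAMPLE = {
    "resource": {"format": "apk", "name": "libxt", "version": "1.2.0-r0"},
    "vulnerabilities": [
        {"name": "CVE-2013-2063",
         "description": "Integer overflow in X.org libXtst 1.2.1 and earlier "
                        "allows X servers to trigger allocation of insufficient "
                        "memory and a buffer overflow via vectors related to the "
                        "XRecordGetContext function."},
        {"name": "CVE-2016-7951",
         "description": "Multiple integer overflows in X.org libXtst before "
                        "1.2.3 allow remote X servers to trigger out-of-bounds "
                        "memory access operations by leveraging the lack of "
                        "range checks."},
    ],
}

# Words that start with a letter; version numbers such as "1.2.1" are skipped.
TOKEN = re.compile(r"[A-Za-z][A-Za-z0-9_+.-]*")


def normalize(word):
    """Lower-case a word and drop punctuation left over from the sentence."""
    return word.lower().strip(".,;:()")


def suspected_mismatches(result):
    """Return (cve, lookalikes) for findings whose description never names the
    package itself but does name a longer product starting with its name."""
    pkg = normalize(result["resource"]["name"])
    flagged = []
    for vuln in result.get("vulnerabilities", []):
        words = {normalize(w) for w in TOKEN.findall(vuln.get("description", ""))}
        if pkg in words:
            continue  # the description names the package exactly
        lookalikes = sorted(w for w in words if w.startswith(pkg) and w != pkg)
        if lookalikes:
            flagged.append((vuln["name"], lookalikes))
    return flagged


if __name__ == "__main__":
    for cve, names in suspected_mismatches(SAMPLE):
        print(f"{cve}: description names {names}, package is "
              f"{SAMPLE['resource']['name']}")
```

The rule is a heuristic for review queues: a flagged finding still needs a human to confirm which product the CVE applies to.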