CVE-2025-49176
Published: June 18, 2025Last modified: June 25, 2025
Description
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.3 |
Attack Vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | LOW |
Integrity impact | HIGH |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Notes
Fixed by 21.1.17: https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9 Followup 21.1.18: https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | 23 LTS | xorg-server | Fixed (21.1.18-r0) |
Stream | xorg-server | Fixed (21.1.18-r0) |
References
- http://www.openwall.com/lists/oss-security/2025/06/18/2
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49176
- https://bugzilla.redhat.com/show_bug.cgi?id=2369954