Vulnerabilidad en X Record (CVE-2025-49179)
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-190
Desbordamiento o ajuste de enteros
Fecha de publicación:
17/06/2025
Última modificación:
11/12/2025
Descripción
Se encontró una falla en la extensión X Record. La función RecordSanityCheckRegisterClients no verifica si hay un desbordamiento de enteros al calcular la longitud de la solicitud, lo que permite que un cliente omita las verificaciones de longitud.
Impacto
Puntuación base 3.x
7.30
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49179
- https://bugzilla.redhat.com/show_bug.cgi?id=2369978
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/2bde9ca49a8fd9a1e6697d5e7ef837870d66f5d4
- https://www.x.org/wiki/Development/Security/
- https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html