- Description
- Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.
- Source
- security@debian.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-129
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.14.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB9B548D-EA70-4B95-99BC-83E27A564F79"
},
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "034FA2A3-B11F-4066-91AB-F9B027A6A085"
},
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.16.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "619A9D1D-36A3-4DA9-95A5-5BD51DE131EE"
},
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.16.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9D7ADBF-8F5F-4048-93BF-51736E2D2A10"
},
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.16.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53953612-ACFF-44E1-9921-CAC9C297B7E8"
},
{
"criteria": "cpe:2.3:a:lightdm_project:lightdm:1.16.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "686C89D4-5C3B-4003-AB1C-836E9718F320"
}
],
"operator": "OR"
}
]
}
]