CVE-2025-49178: Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Other sources
Denial-of-Service vulnerability in the X server's request handling. Improper handling of 'bytes to ignore' can cause the server to skip processing valid client requests, leading to service disruption.
— Red Hat
Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
— Microsoft
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2025-49178?
CVE-2025-49178 is classified as a denial-of-service vulnerability due to its potential to disrupt service in the X server.
How does CVE-2025-49178 affect the X server and TigerVNC?
CVE-2025-49178 allows a malicious client to exploit non-zero 'bytes to ignore' in their requests, causing the server to skip processing requests from other clients.
What are the potential impacts of CVE-2025-49178?
The primary impact of CVE-2025-49178 is denial of service, which can lead to unavailability for users of the X server and TigerVNC.
How do I mitigate CVE-2025-49178?
To mitigate CVE-2025-49178, ensure that your X server and TigerVNC installations are updated with the latest security patches provided by the vendors.
Are there any known workarounds for CVE-2025-49178?
Currently, there are no officially documented workarounds for CVE-2025-49178, so applying the patches is the recommended course of action.