CVE-2021-31535: 
NixOS vulnerability analysis and mitigation

CVE-2021-31535 affects libX11, the core X11 protocol client library, through X11R7.7 and versions before 1.7.1. The vulnerability stems from missing request length checks in the LookupCol.c component, which could allow remote attackers to execute arbitrary code. The issue was discovered in May 2021 and involves insufficient validation of string parameters in XLookupColor() and other X libraries functions (CVE-Mitre, OSS-Security).

The vulnerability exists in the XLookupColor request handling where a client can send color-name requests with a name longer than the maximum size allowed by the protocol. The flaw allows injection of X11 protocol commands when processing overlong color names, similar to SQL injection attacks. The issue specifically occurs because the code does not properly validate the length of string parameters before sending them to the X server (Unparalleled Blog).

When successfully exploited, this vulnerability can allow attackers to inject arbitrary X protocol requests, potentially leading to authentication bypass, denial of service, or execution of arbitrary code. In specific cases, attackers can disable X server authentication completely, allowing unauthorized access to the X server session including keyboard and mouse input data (Red Hat CVE).

The vulnerability was patched in libX11 version 1.7.1 with commit 8d2e02ae650f00c4a53deb625211a0527126c605, which adds proper validation of request data length. Additionally, XTerm version 367 includes mitigation by adding validation for color name lengths. Until patches can be applied, users should avoid using xterm to display untrusted data, particularly from SSH connections to untrusted machines (OSS-Security).