A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 May 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2024, 18:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
X.org xorg-server
Redhat enterprise Linux Server X.org Debian Fedoraproject Fedoraproject fedora Redhat enterprise Linux Desktop Redhat enterprise Linux Workstation X.org xwayland Redhat Debian debian Linux |
|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2257691 - Issue Tracking | |
References | () https://access.redhat.com/security/cve/CVE-2023-6816 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2024/01/18/1 - Mailing List, Patch | |
References | () https://access.redhat.com/errata/RHSA-2024:0320 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ - Mailing List | |
References | () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html - Mailing List | |
CWE | CWE-787 | |
CPE | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
25 Jan 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 05:15
Updated : 2024-09-16 16:15
NVD link : CVE-2023-6816
Mitre link : CVE-2023-6816
CVE.ORG link : CVE-2023-6816
JSON object : View
Products Affected
x.org
- xwayland
- xorg-server
debian
- debian_linux
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write