CVE-2023-6816

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

16 Sep 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/01/18/1', 'tags': ['Mailing List', 'Patch'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.gentoo.org/glsa/202401-30', 'source': 'secalert@redhat.com'}
  • {'url': 'https://security.netapp.com/advisory/ntap-20240307-0006/', 'source': 'secalert@redhat.com'}

22 May 2024, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2996 -

30 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2169 -
  • () https://access.redhat.com/errata/RHSA-2024:2170 -

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240307-0006/ -

09 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/ -

31 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0617 -
  • () https://access.redhat.com/errata/RHSA-2024:0629 -
  • () https://access.redhat.com/errata/RHSA-2024:0626 -

31 Jan 2024, 13:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-30 -

30 Jan 2024, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0621 -

30 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0597 -
  • () https://access.redhat.com/errata/RHSA-2024:0558 -
  • () https://access.redhat.com/errata/RHSA-2024:0607 -
  • () https://access.redhat.com/errata/RHSA-2024:0614 -
  • () https://access.redhat.com/errata/RHSA-2024:0557 -

26 Jan 2024, 18:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time X.org xorg-server
Redhat enterprise Linux Server
X.org
Debian
Fedoraproject
Fedoraproject fedora
Redhat enterprise Linux Desktop
Redhat enterprise Linux Workstation
X.org xwayland
Redhat
Debian debian Linux
References () https://bugzilla.redhat.com/show_bug.cgi?id=2257691 - () https://bugzilla.redhat.com/show_bug.cgi?id=2257691 - Issue Tracking
References () https://access.redhat.com/security/cve/CVE-2023-6816 - () https://access.redhat.com/security/cve/CVE-2023-6816 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ - Mailing List
References () http://www.openwall.com/lists/oss-security/2024/01/18/1 - () http://www.openwall.com/lists/oss-security/2024/01/18/1 - Mailing List, Patch
References () https://access.redhat.com/errata/RHSA-2024:0320 - () https://access.redhat.com/errata/RHSA-2024:0320 - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ - Mailing List
References () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html - () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html - Mailing List
CWE CWE-787
CPE cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

25 Jan 2024, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html -

22 Jan 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0320 -

22 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ -

19 Jan 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ -

18 Jan 2024, 12:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/01/18/1 -

18 Jan 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-18 05:15

Updated : 2024-09-16 16:15


NVD link : CVE-2023-6816

Mitre link : CVE-2023-6816

CVE.ORG link : CVE-2023-6816


JSON object : View

Products Affected

x.org

  • xwayland
  • xorg-server

debian

  • debian_linux

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write