A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Feb 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
31 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2024, 18:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Debian
X.org Redhat enterprise Linux Desktop Redhat enterprise Linux Server Redhat X.org xwayland Debian debian Linux Fedoraproject fedora X.org xorg-server Fedoraproject Redhat enterprise Linux Workstation |
|
References | () http://www.openwall.com/lists/oss-security/2024/01/18/1 - Mailing List, Patch | |
References | () https://access.redhat.com/errata/RHSA-2024:0320 - Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2023-6816 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2257691 - Issue Tracking | |
References | () https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/ - Mailing List | |
CPE | cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* |
25 Jan 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Jan 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
18 Jan 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 05:15
Updated : 2024-03-07 17:15
NVD link : CVE-2023-6816
Mitre link : CVE-2023-6816
CVE.ORG link : CVE-2023-6816
JSON object : View
Products Affected
x.org
- xwayland
- xorg-server
debian
- debian_linux
fedoraproject
- fedora
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
CWE
CWE-787
Out-of-bounds Write