Lucene search

[email protected]NVD:CVE-2023-5367

HistoryOct 25, 2023 - 8:15 p.m.

CVE-2023-5367

2023-10-2520:15:18

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-5367

xorg-x11-server

out-of-bounds write

privilege escalation

denial of service

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Affected configurations

NVD

Node

x.orgx_serverRange<21.1.9

x.orgxwaylandRange<23.2.2

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhatenterprise_linux_for_power_big_endianMatch7.0_ppc64

redhatenterprise_linux_for_power_little_endianMatch7.0_ppc64le

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

Node

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

References

access.redhat.com/errata/RHSA-2023:6802

access.redhat.com/errata/RHSA-2023:6808

access.redhat.com/errata/RHSA-2023:7373

access.redhat.com/errata/RHSA-2023:7388

access.redhat.com/errata/RHSA-2023:7405

access.redhat.com/errata/RHSA-2023:7428

access.redhat.com/errata/RHSA-2023:7436

access.redhat.com/errata/RHSA-2023:7526

access.redhat.com/errata/RHSA-2023:7533

access.redhat.com/errata/RHSA-2024:0010

access.redhat.com/errata/RHSA-2024:0128

access.redhat.com/errata/RHSA-2024:2169

access.redhat.com/errata/RHSA-2024:2170

access.redhat.com/errata/RHSA-2024:2995

access.redhat.com/errata/RHSA-2024:2996

access.redhat.com/security/cve/CVE-2023-5367

bugzilla.redhat.com/show_bug.cgi?id=2243091

lists.fedoraproject.org/archives/list/[email protected]/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/

lists.fedoraproject.org/archives/list/[email protected]/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/

lists.fedoraproject.org/archives/list/[email protected]/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/

lists.fedoraproject.org/archives/list/[email protected]/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/

lists.fedoraproject.org/archives/list/[email protected]/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/

lists.fedoraproject.org/archives/list/[email protected]/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/

lists.fedoraproject.org/archives/list/[email protected]/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/

lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/

lists.fedoraproject.org/archives/list/[email protected]/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/

lists.x.org/archives/xorg-announce/2023-October/003430.html

security.gentoo.org/glsa/202401-30

security.netapp.com/advisory/ntap-20231130-0004/

www.debian.org/security/2023/dsa-5534

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for NVD:CVE-2023-5367