Lucene search

[email protected]NVD:CVE-2023-6816

HistoryJan 18, 2024 - 5:15 a.m.

CVE-2023-6816

2024-01-1805:15:08

CWE-787

[email protected]

web.nvd.nist.gov

x.org server

devicefocusevent

xiquerypointer

heap overflow

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device’s particular number of buttons, leading to a heap overflow if a bigger value was used.

Affected configurations

Nvd

Node

x.orgxorg-serverRange<21.1.11

x.orgxwaylandRange<23.2.4

Node

fedoraprojectfedoraMatch39

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
x.orgxorg-server*cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*
x.orgxwayland*cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x.org	xorg-server	*	cpe:2.3:a:x.org:xorg-server::::::::
x.org	xwayland	*	cpe:2.3:a:x.org:xwayland::::::::
fedoraproject	fedora	39	cpe:2.3:o:fedoraproject:fedora:39:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*