Lucene search

K

GoogleOSV:USN-6168-2

HistoryJun 20, 2023 - 10:12 a.m.

libx11 vulnerability

2023-06-2010:12:13

Google

osv.dev

7

libx11

vulnerability

usn-6168-1

ubuntu

esm

denial of service

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

41.5%

USN-6168-1 fixed a vulnerability in libx11. This update provides
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 ESM.

Original advisory details:

Gregory James Duck discovered that libx11 incorrectly handled certain
Request, Event, or Error IDs. If a user were tricked into connecting to a
malicious X Server, a remote attacker could possibly use this issue to
cause libx11 to crash, resulting in a denial of service.

References

ubuntu.com/security/CVE-2023-3138

ubuntu.com/security/notices/USN-6168-2

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

41.5%