7.8

CVE-2023-5367

EPSS 0.06%
Veröffentlicht 25.10.2023 20:15:18
Zuletzt bearbeitet 04.11.2025 20:17:13
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 35

NVD 17 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

X.Org ≫ X Server Version < 21.1.9

X.Org ≫ Xwayland Version < 23.2.2

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2023:6802

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6808

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7373

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7388

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7405

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7428

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7436

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7526

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7533

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0010

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:0128

Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/security/cve/CVE-2023-5367

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2243091

Third Party Advisory

Issue Tracking

https://lists.x.org/archives/xorg-announce/2023-October/003430.html

Patch

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/

https://security.gentoo.org/glsa/202401-30

https://security.netapp.com/advisory/ntap-20231130-0004/

https://www.debian.org/security/2023/dsa-5534

https://access.redhat.com/errata/RHSA-2025:12751

https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html

https://nvd.nist.gov/vuln/detail/CVE-2023-5367

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5367

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5367

EUVD