7.8

CVE-2023-5367

Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX Server Version < 21.1.9
X.OrgXwayland Version < 23.2.2
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.449
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2023:6802
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6808
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7373
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7388
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7405
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7428
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7436
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7526
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7533
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0010
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0128
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/security/cve/CVE-2023-5367
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
Third Party Advisory
Issue Tracking
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://security.gentoo.org/glsa/202401-30
https://security.netapp.com/advisory/ntap-20231130-0004/
https://www.debian.org/security/2023/dsa-5534
https://access.redhat.com/errata/RHSA-2025:12751
https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html