7.6
CVE-2023-6478
- EPSS 1.63%
- Veröffentlicht 13.12.2023 07:15:31
- Zuletzt bearbeitet 23.06.2026 18:17:38
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.Org ≫ X Server Version < 21.1.10
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Debian ≫ Debian Linux Version12.0
Tigervnc ≫ Tigervnc Version-
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.63% | 0.731 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| secalert@redhat.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/errata/RHSA-2024:0010
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://security.gentoo.org/glsa/202401-30
https://access.redhat.com/errata/RHSA-2023:7886
https://access.redhat.com/errata/RHSA-2024:0006
https://access.redhat.com/errata/RHSA-2024:0009
https://access.redhat.com/errata/RHSA-2024:0014
https://access.redhat.com/errata/RHSA-2024:0015
https://access.redhat.com/errata/RHSA-2024:0016
https://access.redhat.com/errata/RHSA-2024:0017
https://access.redhat.com/errata/RHSA-2024:0018
https://access.redhat.com/errata/RHSA-2024:0020
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
https://security.netapp.com/advisory/ntap-20240125-0003/
https://www.debian.org/security/2023/dsa-5576
https://access.redhat.com/security/cve/CVE-2023-6478
https://bugzilla.redhat.com/show_bug.cgi?id=2253298
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
https://access.redhat.com/errata/RHSA-2025:12751