CVE-2023-6478

EPSS 1.21%
Published 13.12.2023 07:15:31
Last modified 04.08.2025 21:15:27
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Affected products Warnungen 0 Metrics 3 CWE 1 References 31

Data is provided by the National Vulnerability Database (NVD)

X.Org ≫ X Server Version < 21.1.10

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0

X.Org ≫ Xwayland Version < 23.2.3

Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version9.2

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Tigervnc ≫ Tigervnc Version-

   Redhat ≫ Enterprise Linux Version6.0
   Redhat ≫ Enterprise Linux Version7.0
   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.21%	0.783

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com	7.6	2.8	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://www.openwall.com/lists/oss-security/2023/12/13/1

https://access.redhat.com/errata/RHSA-2024:0010

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://security.gentoo.org/glsa/202401-30

https://access.redhat.com/errata/RHSA-2023:7886

Vendor Advisory

https://access.redhat.com/errata/RHSA-2024:0006

https://access.redhat.com/errata/RHSA-2024:0009

https://access.redhat.com/errata/RHSA-2024:0014