Vulnerability Monitor


CVE-2023-6816


A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.


Published

2024-01-18T05:15:08.607

Last Modified

2024-11-21T08:44:37.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-787
  • Type: Primary
    CWE-787

Affected Vendors & Products
Type              Vendor         Product                       Version/Range   Vulnerable?
Application       x.org          xorg-server                   < 21.1.11       Yes
Application       x.org          xwayland                      < 23.2.4        Yes
Operating System  fedoraproject  fedora                        39              Yes
Operating System  redhat         enterprise_linux_desktop      7.0             Yes
Operating System  redhat         enterprise_linux_server       7.0             Yes
Operating System  redhat         enterprise_linux_workstation  7.0             Yes
Operating System  debian         debian_linux                  10.0            Yes
