exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2023-3138

Status Candidate

Overview

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Related Files

Gentoo Linux Security Advisory 202407-21
Posted Jul 8, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-3554, CVE-2022-3555, CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787
SHA-256 | 7393de6db9c62c6eb63d27cc45ab8025049a8af894e4bedea9041d0aa8fe972f
Red Hat Security Advisory 2024-1417-03
Posted Mar 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1417-03 - An update for libX11 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-3138
SHA-256 | 4627c7a7487ab0262383e7cc39cda16e0b4383e40a0e401a69e8700fbac97565
Red Hat Security Advisory 2024-1088-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1088-03 - An update for libX11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-3138
SHA-256 | 76f20e7d7dabebae474ab491a8d9ad78edb6b1dd32335eb19a9d8815b65961e0
Red Hat Security Advisory 2023-7029-01
Posted Nov 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7029-01 - An update for libX11 is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-3138
SHA-256 | 447164a193df5540fd8b76b86bd489e01cb94e26da736efe2a8fc6df793ec2db
Red Hat Security Advisory 2023-6497-01
Posted Nov 13, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6497-01 - An update for libX11 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2023-3138
SHA-256 | 0d211b39acba6895c476f4fef45f1daf9511ddb2ef337703181beaab2e8c3a67
Debian Security Advisory 5433-1
Posted Jun 21, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2023-3138
SHA-256 | 99cc65c1ad12a278a4a4e25bf0b90ba31d13ff5fd3f7e054cbc9ea208033a4a4
Ubuntu Security Notice USN-6168-2
Posted Jun 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3138
SHA-256 | cfbed00d12ce5e17e808411a3087316dc771868a1016244059c6b0aef5d4d9c7
Ubuntu Security Notice USN-6168-1
Posted Jun 16, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6168-1 - Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3138
SHA-256 | fb33b3eca8869ce783b685384acb922fd56dd96e3d27a63f58e05c1b89544187
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close