Showing 1 - 8 of 8

CVE-2023-3138

Status Candidate

Overview

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Related Files

Gentoo Linux Security Advisory 202407-21: Posted Jul 8, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2022-3554, CVE-2022-3555, CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787; SHA-256 | 7393de6db9c62c6eb63d27cc45ab8025049a8af894e4bedea9041d0aa8fe972f; Download | Favorite | View

Red Hat Security Advisory 2024-1417-03: Posted Mar 20, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1417-03 - An update for libX11 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-3138; SHA-256 | 4627c7a7487ab0262383e7cc39cda16e0b4383e40a0e401a69e8700fbac97565; Download | Favorite | View

Red Hat Security Advisory 2024-1088-03: Posted Mar 5, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1088-03 - An update for libX11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-3138; SHA-256 | 76f20e7d7dabebae474ab491a8d9ad78edb6b1dd32335eb19a9d8815b65961e0; Download | Favorite | View

Red Hat Security Advisory 2023-7029-01: Posted Nov 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7029-01 - An update for libX11 is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-3138; SHA-256 | 447164a193df5540fd8b76b86bd489e01cb94e26da736efe2a8fc6df793ec2db; Download | Favorite | View

Red Hat Security Advisory 2023-6497-01: Posted Nov 13, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-6497-01 - An update for libX11 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-3138; SHA-256 | 0d211b39acba6895c476f4fef45f1daf9511ddb2ef337703181beaab2e8c3a67; Download | Favorite | View

Debian Security Advisory 5433-1: Posted Jun 21, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2023-3138; SHA-256 | 99cc65c1ad12a278a4a4e25bf0b90ba31d13ff5fd3f7e054cbc9ea208033a4a4; Download | Favorite | View

Ubuntu Security Notice USN-6168-2: Posted Jun 21, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6168-2 - USN-6168-1 fixed a vulnerability in libx11. This update provides the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 ESM. Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2023-3138; SHA-256 | cfbed00d12ce5e17e808411a3087316dc771868a1016244059c6b0aef5d4d9c7; Download | Favorite | View

Ubuntu Security Notice USN-6168-1: Posted Jun 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6168-1 - Gregory James Duck discovered that libx11 incorrectly handled certain Request, Event, or Error IDs. If a user were tricked into connecting to a malicious X Server, a remote attacker could possibly use this issue to cause libx11 to crash, resulting in a denial of service.; tags | advisory, remote, denial of service; systems | linux, ubuntu; advisories | CVE-2023-3138; SHA-256 | fb33b3eca8869ce783b685384acb922fd56dd96e3d27a63f58e05c1b89544187; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 56 files
Debian 19 files
LiquidWorm 18 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Chokri Hammedi 3 files
Alter Prime 3 files
Valentin Lobstein 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,937)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,979)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-3138

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems