Lucene search
AmazonALAS-2023-2356HistoryNov 29, 2023 - 10:19 p.m.
Medium: libX11
2023-11-2922:19:00
alas.aws.amazon.com
7
libx11
vulnerability
denial of service
system resources
cve-2023-43786
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Issue Overview:
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. (CVE-2023-43786)
Affected Packages:
libX11
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update libX11 to update your system.
New Packages:
aarch64:
libX11-1.6.7-3.amzn2.0.5.aarch64
libX11-devel-1.6.7-3.amzn2.0.5.aarch64
libX11-debuginfo-1.6.7-3.amzn2.0.5.aarch64
i686:
libX11-1.6.7-3.amzn2.0.5.i686
libX11-devel-1.6.7-3.amzn2.0.5.i686
libX11-debuginfo-1.6.7-3.amzn2.0.5.i686
noarch:
libX11-common-1.6.7-3.amzn2.0.5.noarch
src:
libX11-1.6.7-3.amzn2.0.5.src
x86_64:
libX11-1.6.7-3.amzn2.0.5.x86_64
libX11-devel-1.6.7-3.amzn2.0.5.x86_64
libX11-debuginfo-1.6.7-3.amzn2.0.5.x86_64
Additional References
Red Hat: CVE-2023-43786
Mitre: CVE-2023-43786
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | libx11 | < 1.6.7-3.amzn2.0.5 | libX11-1.6.7-3.amzn2.0.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libx11-devel | < 1.6.7-3.amzn2.0.5 | libX11-devel-1.6.7-3.amzn2.0.5.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | libx11-debuginfo | < 1.6.7-3.amzn2.0.5 | libX11-debuginfo-1.6.7-3.amzn2.0.5.aarch64.rpm |
| Amazon Linux | 2 | i686 | libx11 | < 1.6.7-3.amzn2.0.5 | libX11-1.6.7-3.amzn2.0.5.i686.rpm |
| Amazon Linux | 2 | i686 | libx11-devel | < 1.6.7-3.amzn2.0.5 | libX11-devel-1.6.7-3.amzn2.0.5.i686.rpm |
| Amazon Linux | 2 | i686 | libx11-debuginfo | < 1.6.7-3.amzn2.0.5 | libX11-debuginfo-1.6.7-3.amzn2.0.5.i686.rpm |
| Amazon Linux | 2 | noarch | libx11-common | < 1.6.7-3.amzn2.0.5 | libX11-common-1.6.7-3.amzn2.0.5.noarch.rpm |
| Amazon Linux | 2 | x86_64 | libx11 | < 1.6.7-3.amzn2.0.5 | libX11-1.6.7-3.amzn2.0.5.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | libx11-devel | < 1.6.7-3.amzn2.0.5 | libX11-devel-1.6.7-3.amzn2.0.5.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | libx11-debuginfo | < 1.6.7-3.amzn2.0.5 | libX11-debuginfo-1.6.7-3.amzn2.0.5.x86_64.rpm |
Related
cbl_mariner
cbl_mariner
CVE-2023-43786 affecting package libX11 for versions less than 1.8.7-1
2023-11-08 02:07:28
veracode
veracode
Denial Of Service (DoS) Through Infinite Loop
2023-10-12 07:21:34
nessus
nessus
Amazon Linux 2 : libX11 (ALAS-2023-2356)
2023-12-04 00:00:00
Amazon Linux AMI : libX11 (ALAS-2023-1895)
2023-12-05 00:00:00
Amazon Linux 2 : libXpm (ALAS-2024-2389)
2024-01-09 00:00:00
prion
prion
Race condition
2023-10-10 13:15:00
redhatcve
redhatcve
CVE-2023-43786
2023-10-05 07:25:02
nvd
nvd
CVE-2023-43786
2023-10-10 13:15:22
amazon
amazon
alpinelinux
alpinelinux
CVE-2023-43786
2023-10-10 13:15:22
osv
osv
CVE-2023-43786
2023-10-10 13:15:22
CVE-2023-43787
2023-10-10 13:15:22
libx11 - security update
2023-10-05 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in X.Org Libx11
2024-01-16 20:04:05
ubuntucve
ubuntucve
CVE-2023-43786
2023-10-03 00:00:00
cvelist
cvelist
vulnrichment
vulnrichment
debiancve
debiancve
CVE-2023-43786
2023-10-10 13:15:22
cve
cve
CVE-2023-43786
2023-10-10 13:15:22
openvas
openvas
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1200)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1472)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1180)
2024-02-09 00:00:00
slackware
slackware
[slackware-security] libX11
2023-10-03 22:25:17
mageia
mageia
Updated libX11 packages fix security vulnerabilities
2023-10-14 01:56:51
fedora
fedora
[SECURITY] Fedora 39 Update: libXpm-3.5.17-1.fc39
2023-11-03 18:53:48
[SECURITY] Fedora 39 Update: libX11-1.8.7-1.fc39
2023-10-07 03:24:34
cloudfoundry
cloudfoundry
USN-6407-1: libx11 vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
USN-6407-2: libx11 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6408-1: libXpm vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
debian
debian
[SECURITY] [DLA 3602-1] libx11 security update
2023-10-05 10:39:13
[SECURITY] [DSA 5517-1] libx11 security update
2023-10-05 18:18:00
[SECURITY] [DLA 3603-1] libxpm security update
2023-10-05 11:09:57
ubuntu
ubuntu
libx11 vulnerabilities
2023-10-03 00:00:00
libx11 vulnerabilities
2023-10-10 00:00:00
libXpm vulnerabilities
2023-10-23 00:00:00
almalinux
almalinux
Moderate: libX11 security update
2024-05-22 00:00:00
Moderate: libX11 security update
2024-04-30 00:00:00
redhat
redhat
(RHSA-2024:2973) Moderate: libX11 security update
2024-05-22 06:35:14
(RHSA-2024:2145) Moderate: libX11 security update
2024-04-30 06:14:52
freebsd
freebsd
11/libX11 multiple vulnerabilities
2023-09-22 00:00:00
oraclelinux
oraclelinux
libX11 security update
2024-05-02 00:00:00
libX11 security update
2024-05-23 00:00:00
redos
redos
ROS-20231018-04
2023-10-18 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0112
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0486
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0668
2023-10-12 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for ALAS-2023-2356