Lucene search
HistoryOct 10, 2023 - 1:15 p.m.
CVE-2023-43786
cve-2023-43786
vulnerability
libx11
putsubimage()
denial of service
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.7
Confidence
High
EPSS
0
Percentile
5.1%
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
Affected configurations
Node
x.orglibx11Range<1.8.7
Node
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
Node
fedoraprojectfedoraMatch38
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libX11",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.6.8-8.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libX11",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.7.0-9.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libX11",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "libX11",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
}
]References
www.openwall.com/lists/oss-security/2024/01/24/9
access.redhat.com/errata/RHSA-2024:2145
access.redhat.com/errata/RHSA-2024:2973
access.redhat.com/security/cve/CVE-2023-43786
bugzilla.redhat.com/show_bug.cgi?id=2242253
lists.fedoraproject.org/archives/list/[email protected]/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/
security.netapp.com/advisory/ntap-20231103-0006/
Social References
More
Related
nessus
nessus
Amazon Linux 2 : libX11 (ALAS-2023-2356)
2023-12-04 00:00:00
Amazon Linux 2 : libXpm (ALAS-2024-2389)
2024-01-09 00:00:00
Amazon Linux AMI : libX11 (ALAS-2023-1895)
2023-12-05 00:00:00
prion
prion
Race condition
2023-10-10 13:15:00
redhatcve
redhatcve
CVE-2023-43786
2023-10-05 07:25:02
amazon
amazon
debiancve
debiancve
CVE-2023-43786
2023-10-10 13:15:22
cbl_mariner
cbl_mariner
CVE-2023-43786 affecting package libX11 for versions less than 1.8.7-1
2023-11-08 02:07:28
veracode
veracode
Denial Of Service (DoS) Through Infinite Loop
2023-10-12 07:21:34
ubuntucve
ubuntucve
CVE-2023-43786
2023-10-03 00:00:00
vulnrichment
vulnrichment
alpinelinux
alpinelinux
CVE-2023-43786
2023-10-10 13:15:22
nvd
nvd
CVE-2023-43786
2023-10-10 13:15:22
cvelist
cvelist
osv
osv
CVE-2023-43786
2023-10-10 13:15:22
CVE-2023-43787
2023-10-10 13:15:22
Moderate: libX11 security update
2024-05-22 00:00:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in X.Org Libx11
2024-01-16 20:04:05
openvas
openvas
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1472)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1200)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for libXpm (EulerOS-SA-2024-1340)
2024-03-13 00:00:00
debian
debian
[SECURITY] [DLA 3602-1] libx11 security update
2023-10-05 10:39:13
[SECURITY] [DSA 5517-1] libx11 security update
2023-10-05 18:18:00
[SECURITY] [DLA 3603-1] libxpm security update
2023-10-05 11:09:57
ubuntu
ubuntu
libx11 vulnerabilities
2023-10-03 00:00:00
libx11 vulnerabilities
2023-10-10 00:00:00
libXpm vulnerabilities
2023-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libXpm-3.5.17-1.fc39
2023-11-03 18:53:48
[SECURITY] Fedora 39 Update: libX11-1.8.7-1.fc39
2023-10-07 03:24:34
mageia
mageia
Updated libX11 packages fix security vulnerabilities
2023-10-14 01:56:51
cloudfoundry
cloudfoundry
USN-6407-1: libx11 vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
USN-6407-2: libx11 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
USN-6408-1: libXpm vulnerabilities | Cloud Foundry
2023-10-05 00:00:00
slackware
slackware
[slackware-security] libX11
2023-10-03 22:25:17
freebsd
freebsd
11/libX11 multiple vulnerabilities
2023-09-22 00:00:00
oraclelinux
oraclelinux
libX11 security update
2024-05-02 00:00:00
libX11 security update
2024-05-23 00:00:00
redhat
redhat
(RHSA-2024:2145) Moderate: libX11 security update
2024-04-30 06:14:52
(RHSA-2024:2973) Moderate: libX11 security update
2024-05-22 06:35:14
almalinux
almalinux
Moderate: libX11 security update
2024-04-30 00:00:00
Moderate: libX11 security update
2024-05-22 00:00:00
redos
redos
ROS-20231018-04
2023-10-18 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0112
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0486
2023-10-11 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0668
2023-10-12 00:00:00
gentoo
gentoo
X.Org X11 library: Multiple Vulnerabilities
2024-07-06 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.7
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2023-43786