Lucene search

[email protected]NVD:CVE-2023-5367

HistoryOct 25, 2023 - 8:15 p.m.

CVE-2023-5367

2023-10-2520:15:18

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-5367

xorg-x11-server

out-of-bounds write

privilege escalation

denial of service

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

10.7%

JSON

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Affected configurations

Nvd

Node

x.orgx_serverRange<21.1.9

x.orgxwaylandRange<23.2.2

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhatenterprise_linux_for_power_big_endianMatch7.0_ppc64

redhatenterprise_linux_for_power_little_endianMatch7.0_ppc64le

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

Node

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

VendorProductVersionCPE
x.orgx_server*cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
x.orgxwayland*cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems7.0_s390xcpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_big_endian7.0_ppc64cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian7.0_ppc64lecpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
redhatenterprise_linux_for_scientific_computing7.0cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
x.org	x_server	*	cpe:2.3:a:x.org:x_server::::::::
x.org	xwayland	*	cpe:2.3:a:x.org:xwayland::::::::
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.0_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
redhat	enterprise_linux_for_power_big_endian	7.0_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
redhat	enterprise_linux_for_power_little_endian	7.0_ppc64le	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
redhat	enterprise_linux_for_scientific_computing	7.0	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*