Lucene search
Jan-Niklas SohnZDI-24-012HistoryJan 04, 2024 - 12:00 a.m.
X.Org Server ProcXIChangeProperty Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
2024-01-0400:00:00
Jan-Niklas Sohn
www.zerodayinitiative.com
14
vulnerability
x.org server
privilege escalation
heap-based buffer overflow
xichangedeviceproperty
arbitrary code
root context
local attackers
EPSS
0
Percentile
10.7%
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the XIChangeDeviceProperty function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Related
nessus
nessus
Fedora 37 : xorg-x11-server-Xwayland (2023-18cb340b28)
2023-11-09 00:00:00
CentOS 7 : xorg-x11-server (RHSA-2023:6802)
2023-12-22 00:00:00
RHEL 8 : tigervnc (RHSA-2023:7405)
2023-11-21 00:00:00
cbl_mariner
cbl_mariner
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-2eb445d52b)
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:7405) Important: tigervnc security update
2023-11-21 09:47:53
(RHSA-2023:7526) Important: tigervnc security update
2023-11-28 14:35:11
(RHSA-2023:7533) Important: tigervnc security update
2023-11-28 14:44:57
cve
cve
CVE-2023-5367
2023-10-25 20:15:18
prion
prion
Heap overflow
2023-10-25 20:15:00
fedora
fedora
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.2-1.fc39
2023-11-06 01:30:52
[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.9-3.fc37
2023-11-10 01:13:43
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-3.fc38
2023-10-29 01:35:16
osv
osv
CVE-2023-5367
2023-10-25 20:15:18
xwayland-23.2.2-1.1 on GA media
2024-06-15 00:00:00
xorg-server - security update
2023-10-25 00:00:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-5367
2023-10-25 00:00:00
nvd
nvd
CVE-2023-5367
2023-10-25 20:15:18
redhatcve
redhatcve
CVE-2023-5367
2023-10-25 19:46:38
alpinelinux
alpinelinux
CVE-2023-5367
2023-10-25 20:15:18
veracode
veracode
Out-of-Bounds Write
2023-10-28 00:48:10
oraclelinux
oraclelinux
xorg-x11-server security update
2023-11-08 00:00:00
tigervnc security update
2023-11-22 00:00:00
tigervnc security update
2024-01-03 00:00:00
debiancve
debiancve
CVE-2023-5367
2023-10-25 20:15:18
freebsd
freebsd
xorg-server -- Multiple vulnerabilities
2023-10-25 00:00:00
debian
debian
[SECURITY] [DLA 3631-1] xorg-server security update
2023-10-25 15:17:02
[SECURITY] [DSA 5534-1] xorg-server security update
2023-10-25 14:45:31
amazon
amazon
Important: xorg-x11-server
2023-11-09 19:19:00
Important: xorg-x11-server
2023-11-10 17:32:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2325
2024-01-23 12:18:22
ubuntu
ubuntu
X.Org X Server vulnerabilities
2023-10-25 00:00:00
X.Org X Server vulnerabilities
2023-10-31 00:00:00
slackware
slackware
[slackware-security] xorg-server
2023-10-26 20:01:09
[slackware-security] tigervnc
2023-11-13 19:27:10
mageia
mageia
Updated tigervnc packages fix security vulnerabilities
2023-11-20 13:04:11
Updated x11-server packages fix security vulnerabilities
2023-11-07 02:08:32
almalinux
almalinux
Important: tigervnc security update
2024-01-02 00:00:00
Moderate: xorg-x11-server-Xwayland security update
2024-05-22 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
redos
redos
ROS-20231114-02
2023-11-14 00:00:00
gentoo
gentoo
X.Org X Server, XWayland: Multiple Vulnerabilities
2024-01-31 00:00:00
ibm
ibm
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00