CVE-2023-3138

Published: 28/06/2023 Updated: 08/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
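As an added illustration (not libX11 source and not from this page): a model of the unchecked-index pattern the summary describes beside its bounds-checked form. The struct layout, the 128-entry table size and the 3-byte reply format are assumptions made for the example.

```c
/* Illustrative model of the CVE-2023-3138 bug class: handlers are written into
 * fixed-size tables in the client's display state, indexed by single-byte IDs
 * the server supplied. Layout, table size and reply format are assumptions. */
#include <stddef.h>

#define TABLE_SLOTS 128 /* assumed size of each per-ID handler table */

typedef int (*handler_fn)(const unsigned char *wire);

struct display_state {
    handler_fn event_vec[TABLE_SLOTS]; /* indexed by event ID */
    handler_fn error_vec[TABLE_SLOTS]; /* indexed by error ID */
    unsigned int resource_base;        /* fields an out-of-range index would clobber */
    unsigned int request_seq;
};

/* Vulnerable pattern: the ID is trusted as-is. A byte ranges 0..255 but the
 * table has 128 entries, so an ID >= 128 writes over the fields that follow
 * (still inside the struct, hence the in-struct corruption and crash). */
static void set_event_unchecked(struct display_state *d, unsigned char id, handler_fn h)
{
    d->event_vec[id] = h;
}

/* Hardened pattern: bounds-check the server-supplied ID before indexing. */
static int set_slot_checked(handler_fn *table, size_t slots, unsigned char id, handler_fn h)
{
    if (id >= slots)
        return -1; /* out of range: treat as a protocol error, do not write */
    table[id] = h;
    return 0;
}

static int noop_handler(const unsigned char *wire) { (void)wire; return 0; }

/* Consume a constructed 3-byte reply {major_opcode, first_event, first_error}
 * (assumed layout) and register handlers for the extension. Returns 0 when
 * both table IDs are in bounds, -1 otherwise; nothing is written on failure. */
static int register_extension(struct display_state *d, const unsigned char *reply, size_t len)
{
    if (len < 3)
        return -1;
    unsigned char first_event = reply[1], first_error = reply[2];
    if (first_event >= TABLE_SLOTS || first_error >= TABLE_SLOTS)
        return -1; /* validate every ID before touching either table */
    set_slot_checked(d->event_vec, TABLE_SLOTS, first_event, noop_handler);
    set_slot_checked(d->error_vec, TABLE_SLOTS, first_error, noop_handler);
    return 0;
}
```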

Vulnerable Products

x.org libx11

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

Debian Bug report logs - #1038133 libx11: CVE-2023-3138. Package: src:libx11; Maintainer for src:libx11 is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 15 Jun 2023 19:39:02 UTC; Severity: grave; Tags: security, upstream; Found in version libx11/2:1.8 ...
Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 2:1.7.2-1+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 2:1.8.4-2 ...
Synopsis: Important: Updated IBM Business Automation Manager Open Editions 8.0.4 SP1 Images. Type/Severity: Security Advisory: Important. Topic: An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Description: IBM Business Automation Manager Open Editions is ...
Synopsis: Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Migration Toolkit for Runtimes 1.2.4 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis: Low: Logging Subsystem 5.8.1 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Low. Topic: An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i ...
Synopsis: Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Low. Topic: Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Synopsis: Moderate: Migration Toolkit for Runtimes bug fix, enhancement and security update. Type/Severity: Security Advisory: Moderate. Topic: Migration Toolkit for Runtimes 1.2.3 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis: Important: Red Hat Single Sign-On 7.6.6 for OpenShift image enhancement and security update. Type/Severity: Security Advisory: Important. Topic: A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Product Security has rated this update as having a security impa ...
Synopsis: Moderate: libX11 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libX11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a secu ...

GitHub Repositories

libX11 - Core X11 protocol client library. Documentation for this library can be found in the included man pages, and in the Xlib spec from the specs subdirectory, also available at: www.x.org/releases/current/doc/libX11/libX11/libX11.html and www.x.org/releases/current/doc/libX11/libX11/libX11.pdf, and the O'Reilly Xlib books, which they have made freely a