CVE-2023-3138

CVSS 3.1 Score 7.5 of 10 (high)

Attack Complexity low
Availability high
Confidentiality none
Integrity none
Scope unchanged
Privileges Required none

Details

Published Jun 28, 2023
Updated: Dec 8, 2023
CWE ID 119
CWE ID 787

Summary

CVE-2023-3138 is a vulnerability affecting libX11, where functions in src/InitExt.c fail to validate Request, Event, or Error IDs, allowing them to be used as array indexes. Malicious servers or proxies can exploit this by providing out-of-bounds IDs, resulting in memory corruption and potentially causing client crashes. Despite the protocol specifying a single byte for these IDs, the data cannot be written outside the Display structure's bounds, limiting the attack surface.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • X.org Libx11
  • Libx11
  • Red Hat Enterprise Linux

Affected Vendors

  • Red Hat
  • X.Org Foundation
  • X.Org