CVE-2023-6816

CVSS V2: None
CVSS V3: None
Description
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Overview
  • CVE ID: CVE-2023-6816
  • Assigner: redhat
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-01-18T04:31:07.908Z
  • Last Modified Date: 2024-05-29T23:08:17.179Z
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2024/01/18/1
https://access.redhat.com/errata/RHSA-2024:0320 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0557 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0558 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0597 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0607 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0614 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0617 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0621 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0626 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0629 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2169 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2170 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2996 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6816 vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2257691 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
https://security.gentoo.org/glsa/202401-30
https://security.netapp.com/advisory/ntap-20240307-0006/
History
Created Old Value New Value Data Type Notes
2024-06-25 06:53:30 Added to TrackCVE