CVE-2017-13723Improper Restriction of Operations within the Bounds of a Memory Buffer in X Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 66.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
X.org Xorg-serverX.org X ServerDebian Linux
Timeline
PublishedOct 10
Latest updateMay 14

Description

In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianx.org/xorg-server< 2:1.19.4-1+3
NVDx.org/x_server1.19.3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

4
GHSA
GHSA-w3w2-h9f5-hrg7: In X2022-05-14
OSV
xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities2017-10-12
OSV
CVE-2017-13723: In X2017-10-10
CVEList
CVE-2017-13723: In X2017-10-09

📋Vendor Advisories

3
Ubuntu
X.Org X server vulnerabilities2017-10-12
Red Hat
xorg-x11-server: Global buffer overflow in xkbtext.c2017-10-04
Debian
CVE-2017-13723: xorg-server - In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker au...2017

💬Community

2
Bugzilla
CVE-2017-13721 CVE-2017-13723 xorg-x11-server: various flaws [fedora-all]2017-10-10
Bugzilla
CVE-2017-13723 xorg-x11-server: Global buffer overflow in xkbtext.c2017-10-10
CVE-2017-13723 — X.org X Server vulnerability | cvebase