CVE-2023-43785Out-of-bounds Write in Libx11

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read13 documents9 sources
Severity
5.5MEDIUMNVD
CNA6.5
EPSS
0.1%
top 72.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
X.org Libx11Fedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedOct 10

Description

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDx.org/libx11< 1.8.7
Debianx.org/libx11< 2:1.7.2-1+deb11u2+3
Ubuntux.org/libx11< 2:1.6.9-2ubuntu1.6+1

Also affects: Fedora 38, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

5
CVEList
Libx11: out-of-bounds memory access in _xkbreadkeysyms()2023-10-10
OSV
CVE-2023-43785: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function2023-10-10
GHSA
GHSA-9368-fgh5-gh2f: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function2023-10-10
OSV
libx11 vulnerabilities2023-10-10
OSV
libx11 vulnerabilities2023-10-03

📋Vendor Advisories

7
Microsoft
Libx11: out-of-bounds memory access in _xkbreadkeysyms()2023-10-10
Ubuntu
libx11 vulnerabilities2023-10-10
Red Hat
libX11: out-of-bounds memory access in _XkbReadKeySyms()2023-10-04
BSD
OpenBSD 7.2 Errata 039: SECURITY FIX2023-10-03
Ubuntu
libx11 vulnerabilities2023-10-03
CVE-2023-43785 — Out-of-bounds Write in X.org Libx11 | cvebase