{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-3138", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T06:48:07.359Z", "dateReserved": "2023-06-07T00:00:00", "datePublished": "2023-06-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-12-08T19:06:17.298140"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."}], "affected": [{"vendor": "n/a", "product": "libX11", "versions": [{"version": "libX11 1.8.6", "status": "affected"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3138"}, {"url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"}, {"url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"}, {"url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231208-0008/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119", "cweId": "CWE-119"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.359Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3138", "tags": ["x_transferred"]}, {"url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c", "tags": ["x_transferred"]}, {"url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html", "tags": ["x_transferred"]}, {"url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231208-0008/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libx11:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C1F011-0236-4F70-A3B1-E9E1FEE9EA17", "versionEndExcluding": "1.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."}], "id": "CVE-2023-3138", "lastModified": "2024-11-21T08:16:32.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-28T21:15:10.247", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3138"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch"], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003406.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.x.org/archives/xorg-announce/2023-June/003407.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231208-0008/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7029", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libX11-0:1.6.8-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:1417", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libX11-0:1.6.8-6.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2023:6497", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libX11-0:1.7.0-8.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:1088", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libX11-0:1.7.0-8.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}], "bugzilla": {"description": "libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow", "id": "2213748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213748"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-3138", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-06-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3138\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3138\nhttps://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c\nhttps://lists.x.org/archives/xorg-announce/2023-June/003406.html\nhttps://lists.x.org/archives/xorg-announce/2023-June/003407.html"], "statement": "The identified security vulnerability in the libX11 library, categorized with a moderate impact, stems from a lack of bounds checking in certain functions within the library's InitExt.c file. Specifically, these functions do not verify that the values provided for Request, Event, or Error IDs fall within the bounds specified by the X11 protocol. Consequently, if a malicious X server or intermediary manipulates these values, it can trigger memory corruption within the client's Display structure. While this can lead to crashes or instability within the client application, the impact is constrained within the client's memory space and does not directly compromise sensitive data or system resources beyond it. The vulnerability requires specific conditions, such as interaction with a malicious server or intermediary, which limits its practical exploitability.", "threat_severity": "Moderate"}

{}