{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6816", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-14T04:34:38.017Z", "datePublished": "2024-01-18T04:31:07.908Z", "dateUpdated": "2024-09-16T15:30:29.009Z"}, "containers": {"cna": {"title": "Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.4-27.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.8.0-31.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.13.1-2.el8_9.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:21.1.3-15.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.9.0-15.el8_2.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-8.el8_4.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-6.el8_6.9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-15.el8_8.7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.13.1-3.el9_3.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "versions": [{"version": "0:1.20.11-24.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server-Xwayland", "defaultStatus": "affected", "versions": [{"version": "0:22.1.9-5.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.11.0-22.el9_0.8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "affected", "versions": [{"version": "0:1.12.0-14.el9_2.5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "tigervnc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "xorg-x11-server", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6816", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257691", "name": "RHBZ#2257691", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-01-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-787: Out-of-bounds Write", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-01-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-16T15:30:29.009Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:07.410Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/01/18/1", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0320", "name": "RHSA-2024:0320", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0557", "name": "RHSA-2024:0557", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0558", "name": "RHSA-2024:0558", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0597", "name": "RHSA-2024:0597", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0607", "name": "RHSA-2024:0607", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0614", "name": "RHSA-2024:0614", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0617", "name": "RHSA-2024:0617", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0621", "name": "RHSA-2024:0621", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0626", "name": "RHSA-2024:0626", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0629", "name": "RHSA-2024:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2169", "name": "RHSA-2024:2169", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2170", "name": "RHSA-2024:2170", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2996", "name": "RHSA-2024:2996", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6816", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257691", "name": "RHBZ#2257691", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-30", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240307-0006/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "matchCriteriaId": "565381E7-E0BD-408F-B970-34E9724B1B08", "versionEndExcluding": "21.1.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE48099-1D7F-444E-8F0C-FAB71F25AD71", "versionEndExcluding": "23.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el servidor X.Org. Tanto DeviceFocusEvent como la respuesta de XIQueryPointer contienen un bit para cada bot\u00f3n l\u00f3gico actualmente presionado. Los botones se pueden asignar arbitrariamente a cualquier valor hasta 255, pero el servidor X.Org solo asignaba espacio para la cantidad particular de botones del dispositivo, lo que provocaba un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria si se usaba un valor mayor."}], "id": "CVE-2023-6816", "lastModified": "2024-09-16T16:15:11.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-01-18T05:15:08.607", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2024:0320"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0557"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0558"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0597"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0607"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0614"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0617"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0621"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0626"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0629"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2169"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2170"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2996"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-6816"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257691"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2024:0320", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "xorg-x11-server-0:1.20.4-27.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0629", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tigervnc-0:1.8.0-31.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0607", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "tigervnc-0:1.13.1-2.el8_9.7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2996", "cpe": "cpe:/a:redhat:enterprise_linux:8", "impact": "moderate", "package": "xorg-x11-server-Xwayland-0:21.1.3-15.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0617", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "tigervnc-0:1.9.0-15.el8_2.9", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0558", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "tigervnc-0:1.11.0-8.el8_4.8", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0621", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "tigervnc-0:1.12.0-6.el8_6.9", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0597", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "tigervnc-0:1.12.0-15.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0557", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "tigervnc-0:1.13.1-3.el9_3.6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:2169", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "xorg-x11-server-0:1.20.11-24.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2170", "cpe": "cpe:/a:redhat:enterprise_linux:9", "impact": "moderate", "package": "xorg-x11-server-Xwayland-0:22.1.9-5.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:0614", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "tigervnc-0:1.11.0-22.el9_0.8", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2024:0626", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "tigervnc-0:1.12.0-14.el9_2.5", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-31T00:00:00Z"}], "bugzilla": {"description": "xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer", "id": "2257691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257691"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.", "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-6816", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "tigervnc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "impact": "moderate", "package_name": "xorg-x11-server", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2024-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-6816\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6816"], "statement": "The Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.", "threat_severity": "Important", "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4"}