PT-2023-3418 · Libx11+9
Alan Coopersmith · Published 2023-06-15 · Updated 2026-05-07 · CVE-2023-3138
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libX11 versions prior to 1.8.6
Description
A security flaw was found in libX11 due to functions in src/InitExt.c not checking if the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to. This can lead to memory corruption, potentially causing the client to crash, if a malicious server or proxy-in-the-middle provides out-of-bounds values. The issue is related to buffer overflows in InitExt.c.
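The missing check described above, shown on a simplified model as an added example; this is not libX11 source code. `struct connection`, `TABLE_SIZE`, and all function names are hypothetical stand-ins for a handler table indexed by an ID that the peer supplies.

```c
#include <stdio.h>

#define TABLE_SIZE 128  /* assumed table size for this model */

typedef int (*handler_fn)(int id);

struct connection {
    handler_fn event_vec[TABLE_SIZE]; /* indexed by an ID the peer supplies */
    int        canary;                /* stands in for adjacent state */
};

int unknown_event(int id) { (void)id; return 0; }  /* default handler */
int ext_event(int id) { return id; }               /* an extension's handler */

void connection_init(struct connection *c)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        c->event_vec[i] = unknown_event;
    c->canary = 0x5a5a;
}

/* Unchecked form: an ID outside 0..TABLE_SIZE-1 reads and writes
 * outside event_vec. Kept for contrast; only call with a valid ID. */
handler_fn set_event_unchecked(struct connection *c, int id, handler_fn fn)
{
    handler_fn old = c->event_vec[id];
    c->event_vec[id] = fn;
    return old;
}

/* Checked form: reject the ID before the array is touched. */
handler_fn set_event_checked(struct connection *c, int id, handler_fn fn)
{
    if (id < 0 || id >= TABLE_SIZE) {
        fprintf(stderr, "ignoring invalid event ID %d\n", id);
        return unknown_event;
    }
    handler_fn old = c->event_vec[id];
    c->event_vec[id] = fn;
    return old;
}

int main(void)
{
    struct connection c;
    connection_init(&c);
    set_event_checked(&c, 64, ext_event);    /* valid ID: installed */
    set_event_checked(&c, 4096, ext_event);  /* invalid ID: ignored */
    return c.canary == 0x5a5a ? 0 : 1;
}
```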
Recommendations
For libX11 versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable src/InitExt.c functions until a patch is available. Avoid using the Request, Event, or Error IDs in the affected API endpoints until the issue is resolved.
Fix
Memory Corruption
Buffer Overflow
Affected products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
Libx11