PT-2023-3418 · Libx11+9

Alan Coopersmith · Published 2023-06-15 · Updated 2026-05-07 · CVE-2023-3138

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: libX11 versions prior to 1.8.6

Description: A security flaw was found in libX11. The functions in src/InitExt.c that register an extension's request, event and error codes do not check that the supplied values lie within the bounds of the arrays those functions write to. A malicious X server, or a proxy sitting between the client and the server, can therefore supply out-of-bounds values that corrupt client memory and typically crash the client. The underlying weakness is a buffer overflow in InitExt.c.

Recommendations: Update libX11 to version 1.8.6 or later, which adds the missing bounds checks. The out-of-bounds values come from the server side of the connection, so until the update is applied do not connect clients to X servers or display proxies that are not trusted (for example remote or forwarded displays on untrusted hosts).
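As an added example (not libX11's own code), the following C program models the bug class the description covers: an extension's event and error codes arrive as single bytes in the server's QueryExtension reply, so a server or proxy can choose any value from 0 to 255, and a client that indexes a fixed-size dispatch table with that value needs a range check before the write. The table sizes (128 event slots, 256 error slots), the extension's event and error counts, the handler names and the two 32-byte replies are constructed assumptions for this example; only the reply byte layout follows the core X11 protocol's QueryExtension reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example modelling the bug class in the advisory; not libX11's code.
 * Table sizes and extension counts are assumptions chosen so that a one-byte
 * wire value (0..255) can exceed the event table. */
#define EVENT_TABLE_SIZE 128
#define ERROR_TABLE_SIZE 256
#define EXT_NUM_EVENTS   2   /* events the hypothetical extension defines */
#define EXT_NUM_ERRORS   1   /* errors it defines */

typedef int (*wire_handler)(const uint8_t *wire);

struct client_display {
    wire_handler event_vec[EVENT_TABLE_SIZE];  /* indexed by event code */
    wire_handler error_vec[ERROR_TABLE_SIZE];  /* indexed by error code */
};

/* QueryExtension reply fields a client uses to register an extension; all
 * three codes are CARD8 on the wire and are chosen by the server. */
struct query_ext_reply {
    uint8_t present, major_opcode, first_event, first_error;
};

/* Core-protocol layout: byte 0 is 1 for a reply, bytes 8..11 carry present,
 * major-opcode, first-event and first-error; replies are at least 32 bytes. */
int parse_query_extension_reply(const uint8_t *buf, size_t len,
                                struct query_ext_reply *out)
{
    if (buf == NULL || len < 32 || buf[0] != 1)
        return -1;
    out->present      = buf[8];
    out->major_opcode = buf[9];
    out->first_event  = buf[10];
    out->first_error  = buf[11];
    return 0;
}

static int ext_event_handler(const uint8_t *wire) { (void)wire; return 1; }
static int ext_error_handler(const uint8_t *wire) { (void)wire; return 1; }

/* Vulnerable pattern: the server-chosen code indexes the table with no range
 * check, so code >= EVENT_TABLE_SIZE writes past it. Shown for comparison
 * only; nothing below calls it. */
void set_event_handler_unchecked(struct client_display *dpy, unsigned code,
                                 wire_handler h)
{
    dpy->event_vec[code] = h;
}

/* Hardened form: reject any code outside the table before touching it. */
int set_event_handler(struct client_display *dpy, unsigned code, wire_handler h)
{
    if (code >= EVENT_TABLE_SIZE)
        return -1;
    dpy->event_vec[code] = h;
    return 0;
}

int set_error_handler(struct client_display *dpy, unsigned code, wire_handler h)
{
    if (code >= ERROR_TABLE_SIZE)
        return -1;
    dpy->error_vec[code] = h;
    return 0;
}

/* Parse a reply and register the extension's handlers. Returns the number of
 * handlers installed, -1 if any code would fall outside its table, or -2 if
 * the reply is malformed or the extension is absent. All codes are validated
 * before any table entry is written, so a bad reply leaves dpy untouched. */
int register_from_reply(const uint8_t *buf, size_t len)
{
    struct client_display dpy;
    struct query_ext_reply r;
    unsigned i, installed = 0;

    memset(&dpy, 0, sizeof dpy);
    if (parse_query_extension_reply(buf, len, &r) != 0 || !r.present)
        return -2;
    if ((unsigned)r.first_event + EXT_NUM_EVENTS > EVENT_TABLE_SIZE ||
        (unsigned)r.first_error + EXT_NUM_ERRORS > ERROR_TABLE_SIZE)
        return -1;
    for (i = 0; i < EXT_NUM_EVENTS; i++)
        if (set_event_handler(&dpy, r.first_event + i, ext_event_handler) == 0)
            installed++;
    for (i = 0; i < EXT_NUM_ERRORS; i++)
        if (set_error_handler(&dpy, r.first_error + i, ext_error_handler) == 0)
            installed++;
    return (int)installed;
}

/* Constructed 32-byte replies for the example (not captured traffic). */
const uint8_t BENIGN_REPLY[32] = {
    1, 0, 1, 0, 0, 0, 0, 0,      /* reply, unused, sequence 1, length 0 */
    1, 130, 64, 150 };           /* present, opcode 130, first_event 64, first_error 150 */
const uint8_t MALICIOUS_REPLY[32] = {
    1, 0, 2, 0, 0, 0, 0, 0,
    1, 130, 200, 255 };          /* first_event 200 >= 128: would overflow */

int main(void)
{
    printf("benign reply: %d handlers\n", register_from_reply(BENIGN_REPLY, sizeof BENIGN_REPLY));
    printf("malicious reply: %d\n", register_from_reply(MALICIOUS_REPLY, sizeof MALICIOUS_REPLY));
    return 0;
}
```

register_from_reply checks every code against its table before installing anything, so a rejected reply cannot leave a half-registered table behind. Building with -fsanitize=address and calling set_event_handler_unchecked with code 200 shows the out-of-bounds write that the checked setters refuse.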

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:6497
ALSA-2023:7029
ALT-PU-2023-5194
ALT-PU-2023-6146
AZL-27274
BDU:2023-03596
CESA-2023_7029
CVE-2023-3138
DLA-3472-1
DSA-5433-1
JLSEC-2026-472
MGASA-2023-0206
OESA-2023-1376
OESA-2023-1377
OESA-2023-1378
OESA-2023-1392
OPENSUSE-SU-2024:13008-1
RHSA-2023:6497
RHSA-2023:7029
RHSA-2023_6497
RHSA-2023_7029
RHSA-2024:1088
RHSA-2024:1417
ROSA-SA-2024-2343
SUSE-SU-2023:2531-1
SUSE-SU-2023:2614-1
SUSE-SU-2023_2531-1
SUSE-SU-2023_2614-1
USN-6168-1
USN-6168-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
Libx11