NVD Vulnerability Detail

CVE-2023-6816

Summary	A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
Publication Date	Jan. 18, 2024, 2:15 p.m.
Registration Date	Jan. 18, 2024, 4 p.m.
Last Update	Nov. 21, 2024, 5:44 p.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:x.org:xwayland::::::::				23.2.4
cpe:2.3:a:x.org:xorg-server::::::::				21.1.11

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2024/01/18/1
2	https://access.redhat.com/errata/RHSA-2024:0320	Third Party Advisory
3	https://access.redhat.com/errata/RHSA-2024:0320	Third Party Advisory
4	https://access.redhat.com/errata/RHSA-2024:0557
5	https://access.redhat.com/errata/RHSA-2024:0557
6	https://access.redhat.com/errata/RHSA-2024:0558
7	https://access.redhat.com/errata/RHSA-2024:0558
8	https://access.redhat.com/errata/RHSA-2024:0597
9	https://access.redhat.com/errata/RHSA-2024:0597
10	https://access.redhat.com/errata/RHSA-2024:0607
11	https://access.redhat.com/errata/RHSA-2024:0607
12	https://access.redhat.com/errata/RHSA-2024:0614
13	https://access.redhat.com/errata/RHSA-2024:0614
14	https://access.redhat.com/errata/RHSA-2024:0617
15	https://access.redhat.com/errata/RHSA-2024:0617
16	https://access.redhat.com/errata/RHSA-2024:0621
17	https://access.redhat.com/errata/RHSA-2024:0621
18	https://access.redhat.com/errata/RHSA-2024:0626
19	https://access.redhat.com/errata/RHSA-2024:0626
20	https://access.redhat.com/errata/RHSA-2024:0629
21	https://access.redhat.com/errata/RHSA-2024:0629
22	https://access.redhat.com/errata/RHSA-2024:2169
23	https://access.redhat.com/errata/RHSA-2024:2169
24	https://access.redhat.com/errata/RHSA-2024:2170
25	https://access.redhat.com/errata/RHSA-2024:2170
26	https://access.redhat.com/errata/RHSA-2024:2996
27	https://access.redhat.com/errata/RHSA-2024:2996
28	https://access.redhat.com/security/cve/CVE-2023-6816	Third Party Advisory
29	https://access.redhat.com/security/cve/CVE-2023-6816	Third Party Advisory
30	https://bugzilla.redhat.com/show_bug.cgi?id=2257691	Issue Tracking
31	https://bugzilla.redhat.com/show_bug.cgi?id=2257691	Issue Tracking
32	https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html
33	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/
34	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/
35	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/
36	https://security.gentoo.org/glsa/202401-30
37	https://security.netapp.com/advisory/ntap-20240307-0006/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html