Home > Vulnerability Database > CVE-2023-6816

Mend.io Vulnerability Database

CVE-2023-6816

Date: January 17, 2024

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Language: C

Severity Score

9.8

Related Resources (27)

Url: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3

Url: https://access.redhat.com/errata/RHSA-2024:0558

Url: https://access.redhat.com/errata/RHSA-2024:0614

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Url: https://access.redhat.com/errata/RHSA-2024:0617

Url: https://security-tracker.debian.org/tracker/CVE-2023-6816

Url: https://access.redhat.com/errata/RHSA-2024:0597

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Url: https://access.redhat.com/errata/RHSA-2025:12751

Url: https://access.redhat.com/security/cve/CVE-2023-6816

Url: https://security.netapp.com/advisory/ntap-20240307-0006/

Url: https://access.redhat.com/errata/RHSA-2024:2996

Url: https://access.redhat.com/errata/RHSA-2024:0557

Url: https://access.redhat.com/errata/RHSA-2024:2170

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6816

Url: https://security.gentoo.org/glsa/202401-30

Url: https://access.redhat.com/errata/RHSA-2024:0626

Url: https://access.redhat.com/errata/RHSA-2024:0607

Url: https://access.redhat.com/errata/RHSA-2024:0629

Url: http://www.openwall.com/lists/oss-security/2024/01/18/1

Url: https://access.redhat.com/errata/RHSA-2024:0320

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Url: https://access.redhat.com/errata/RHSA-2024:2169

Url: https://access.redhat.com/errata/RHSA-2024:0621

Url: https://www.mend.io/vulnerability-database/CVE-2023-6816

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6816

Date: January 17, 2024

Language: C

Severity Score

Related Resources (27)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?