Home > Vulnerability Database > CVE-2023-6816

Mend.io Vulnerability Database

CVE-2023-6816

Good to know:

Date: January 18, 2024

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Language: C

Severity Score

9.8

Related Resources (25)

Url: https://access.redhat.com/errata/RHSA-2024:2170

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6816

Url: https://gitlab.freedesktop.org/xorg/xserver/-/commit/9e2ecb2af8302dedc49cb6a63ebe063c58a9e7e3

Url: https://security.gentoo.org/glsa/202401-30

Url: https://access.redhat.com/errata/RHSA-2024:0558

Url: https://access.redhat.com/errata/RHSA-2024:0614

Url: https://access.redhat.com/errata/RHSA-2024:0626

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

Url: https://access.redhat.com/errata/RHSA-2024:0617

Url: https://access.redhat.com/errata/RHSA-2024:0607

Url: https://access.redhat.com/errata/RHSA-2024:0629

Url: http://www.openwall.com/lists/oss-security/2024/01/18/1

Url: https://security-tracker.debian.org/tracker/CVE-2023-6816

Url: https://access.redhat.com/errata/RHSA-2024:0320

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Url: https://access.redhat.com/errata/RHSA-2024:0597

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

Url: https://access.redhat.com/errata/RHSA-2024:2169

Url: https://access.redhat.com/security/cve/CVE-2023-6816

Url: https://access.redhat.com/errata/RHSA-2024:0621

Url: https://security.netapp.com/advisory/ntap-20240307-0006/

Url: https://access.redhat.com/errata/RHSA-2024:0557

Url: https://www.mend.io/vulnerability-database/CVE-2023-6816

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version xorg-server-21.1.11, xwayland-23.2.4

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6816

Good to know:

Date: January 18, 2024

Language: C

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?