CVE-2023-5367

Name
CVE-2023-5367
Description
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
NVD Severity
unknown

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2243091
MISC https://access.redhat.com/security/cve/CVE-2023-5367
MISC https://lists.x.org/archives/xorg-announce/2023-October/003430.html
MISC https://www.debian.org/security/2023/dsa-5534
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
https://access.redhat.com/errata/RHSA-2023:6802
https://access.redhat.com/errata/RHSA-2023:6808
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://access.redhat.com/errata/RHSA-2023:7373
https://access.redhat.com/errata/RHSA-2023:7388
https://access.redhat.com/errata/RHSA-2023:7405
https://access.redhat.com/errata/RHSA-2023:7428
https://access.redhat.com/errata/RHSA-2023:7436
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7526
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7533
secalert@redhat.com https://security.netapp.com/advisory/ntap-20231130-0004/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0010
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0128
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2170
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2996

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* | xwayland | >= None | < 23.2.2 |
| cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | x_server | >= None | < 21.1.9 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| xorg-server | 3.18-community | 21.1.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| xwayland | 3.18-community | 23.1.2-r1 | psykose <alice@ayaya.dev> | fixed |