CVE-2023-3138: Buffer Overflow
First published: Fri Jun 09 2023(Updated: )
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.Org libX11 | <1.8.6 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| redhat/libX11 | <1.8.6 | 1.8.6 |
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 |
Remedy
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-3138
- https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
- https://lists.x.org/archives/xorg-announce/2023-June/003406.html
- https://lists.x.org/archives/xorg-announce/2023-June/003407.html
- https://security.netapp.com/advisory/ntap-20231208-0008/
- https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/TBD
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2215372
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2213748#c0
- https://access.redhat.com/errata/RHSA-2023:6497
- https://access.redhat.com/errata/RHSA-2023:7029
- https://access.redhat.com/errata/RHSA-2024:1088
- https://access.redhat.com/errata/RHSA-2024:1417
- https://bugzilla.redhat.com/show_bug.cgi?id=2213748
- https://exchange.xforce.ibmcloud.com/vulnerabilities/258165
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
Frequently Asked Questions
What is CVE-2023-3138?
CVE-2023-3138 is a vulnerability found in libX11 that allows attackers to write arbitrary values to arrays, potentially leading to remote code execution or denial of service.
How does the vulnerability in libX11 (CVE-2023-3138) occur?
The vulnerability occurs because certain functions in src/InitExt.c in libX11 do not properly check the bounds of array indexes.
What is the severity rating of CVE-2023-3138?
CVE-2023-3138 has a severity rating of 7.5 (High).
Which software versions are affected by CVE-2023-3138?
X.Org libX11 versions up to 1.8.6, Redhat Enterprise Linux 8.0, and Redhat Enterprise Linux 9.0 are affected by CVE-2023-3138.
How can I fix the vulnerability in libX11 (CVE-2023-3138)?
To fix the vulnerability, it is recommended to update to a patched version of libX11 as provided by the vendor or project maintainers.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/event
- agent/remedy
- agent/weakness
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3138
- agent/software-canonical-lookup
- collector/ibm-support
- source/IBM
- agent/references
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/x.org
- canonical/x.org libx11
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up8 if01