CVE-2023-43785: Libx11: out-of-bounds memory access in _xkbreadkeysyms()
First published: Tue Oct 03 2023(Updated: )
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.Org libX11 | <1.8.7 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Fedoraproject Fedora | =38 | |
| redhat/libX11 | <1.8.7 | 1.8.7 |
| debian/libx11 | <=2:1.6.7-1+deb10u2 | 2:1.6.7-1+deb10u4 2:1.7.2-1+deb11u2 2:1.8.4-2+deb12u2 2:1.8.7-1 |
| ubuntu/libx11 | <2:1.6.4-3ubuntu0.4+ | 2:1.6.4-3ubuntu0.4+ |
| ubuntu/libx11 | <2:1.6.9-2ubuntu1.6 | 2:1.6.9-2ubuntu1.6 |
| ubuntu/libx11 | <2:1.7.5-1ubuntu0.3 | 2:1.7.5-1ubuntu0.3 |
| ubuntu/libx11 | <2:1.8.4-2ubuntu0.3 | 2:1.8.4-2ubuntu0.3 |
| ubuntu/libx11 | <2:1.8.6-1ubuntu1 | 2:1.8.6-1ubuntu1 |
| ubuntu/libx11 | <2:1.6.2-1ubuntu2.1+ | 2:1.6.2-1ubuntu2.1+ |
| ubuntu/libx11 | <1.8.7 | 1.8.7 |
| ubuntu/libx11 | <2:1.6.3-1ubuntu2.2+ | 2:1.6.3-1ubuntu2.2+ |
| <1.8.7 | ||
| =8.0 | ||
| =9.0 | ||
| =38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-43785
- https://bugzilla.redhat.com/show_bug.cgi?id=2242252
- https://security.netapp.com/advisory/ntap-20231103-0006/
- https://launchpad.net/bugs/cve/CVE-2023-43785
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2243049
- https://www.openwall.com/lists/oss-security/2023/10/03/1
- https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
- https://security-tracker.debian.org/tracker/CVE-2023-43785
- https://ubuntu.com/security/notices/USN-6407-1
- https://ubuntu.com/security/notices/USN-6407-2
- https://www.cve.org/CVERecord?id=CVE-2023-43785
- https://nvd.nist.gov/vuln/detail/CVE-2023-43785
- https://ubuntu.com/security/CVE-2023-43785
- https://access.redhat.com/errata/RHSA-2024:2145
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-43785.
What is the title of this vulnerability?
The title of this vulnerability is 'out-of-bounds memory access in _XkbReadKeySyms()'.
What is the affected software?
The affected software is libX11.
What is the severity of the vulnerability?
The severity of the vulnerability is not specified in the provided information.
What is the remedy for this vulnerability?
The remedy for this vulnerability is to update libX11 to version 2:1.6.9-2ubuntu1.6 or apply the specified remedies for other versions.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-43785
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/title
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- vendor/x.org
- canonical/x.org libx11
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- package-manager/redhat
- package-manager/debian
- package-manager/ubuntu