#VU81432 Out-of-bounds read in libx11 - CVE-2023-43785

Cybersecurity Help s.r.o.

Published: 2023-10-03

Vulnerability identifier: #VU81432

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-43785

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
libx11
Other software / Other software solutions

Vendor: xorg.freedesktop.org

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the _XkbReadKeySyms() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libx11: 1.0.99.1 - 1.8.7

External links
https://seclists.org/oss-sec/2023/q4/17
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Dell RecoverPoint for Virtual Machines update for third-party components

Anolis OS update for libX11

Amazon Linux AMI update for libX11

Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17

Multiple vulnerabilities in Migration Toolkit for Containers 1.8

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

Multiple vulnerabilities in Red Hat Single Sign-On 7.6

Multiple vulnerabilities in Red Hat OpenShift Dev Spaces