Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-6478

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-13 Dec, 2023 | 06:27
Updated At-04 Aug, 2025 | 21:03
Rejected At-
Credits

Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:13 Dec, 2023 | 06:27
Updated At:04 Aug, 2025 | 21:03
Rejected At:
▼CVE Numbering Authority (CNA)
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/o:redhat:rhel_els:6
Default Status
affected
Versions
Unaffected
  • From 0:1.1.0-25.el6_10.13 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/o:redhat:enterprise_linux:7::server
  • cpe:/o:redhat:enterprise_linux:7::computenode
  • cpe:/o:redhat:enterprise_linux:7::client
  • cpe:/o:redhat:enterprise_linux:7::workstation
Default Status
affected
Versions
Unaffected
  • From 0:1.8.0-28.el7_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server
CPEs
  • cpe:/o:redhat:enterprise_linux:7::server
  • cpe:/o:redhat:enterprise_linux:7::computenode
  • cpe:/o:redhat:enterprise_linux:7::client
  • cpe:/o:redhat:enterprise_linux:7::workstation
Default Status
affected
Versions
Unaffected
  • From 0:1.20.4-25.el7_9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.13.1-2.el8_9.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
  • cpe:/a:redhat:enterprise_linux:8::crb
Default Status
affected
Versions
Unaffected
  • From 0:1.20.11-22.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server-Xwayland
CPEs
  • cpe:/a:redhat:enterprise_linux:8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:21.1.3-15.el8 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.2 Advanced Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_e4s:8.2::appstream
  • cpe:/a:redhat:rhel_tus:8.2::appstream
  • cpe:/a:redhat:rhel_aus:8.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.9.0-15.el8_2.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_e4s:8.2::appstream
  • cpe:/a:redhat:rhel_tus:8.2::appstream
  • cpe:/a:redhat:rhel_aus:8.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.9.0-15.el8_2.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_e4s:8.2::appstream
  • cpe:/a:redhat:rhel_tus:8.2::appstream
  • cpe:/a:redhat:rhel_aus:8.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.9.0-15.el8_2.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.11.0-8.el8_4.5 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.11.0-8.el8_4.5 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_aus:8.4::appstream
  • cpe:/a:redhat:rhel_tus:8.4::appstream
  • cpe:/a:redhat:rhel_e4s:8.4::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.11.0-8.el8_4.5 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.6 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_eus:8.6::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.12.0-6.el8_6.6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8.8 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_eus:8.8::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.12.0-15.el8_8.4 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.13.1-3.el9_3.3 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
  • cpe:/a:redhat:enterprise_linux:9::crb
Default Status
affected
Versions
Unaffected
  • From 0:1.20.11-24.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server-Xwayland
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Versions
Unaffected
  • From 0:22.1.9-5.el9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.0 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_eus:9.0::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.11.0-22.el9_0.5 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9.2 Extended Update Support
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
tigervnc
CPEs
  • cpe:/a:redhat:rhel_eus:9.2::appstream
Default Status
affected
Versions
Unaffected
  • From 0:1.12.0-14.el9_2.2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
xorg-x11-server
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Problem Types
TypeCWE IDDescription
CWECWE-190Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Exploits
Credits
This issue was discovered by Peter Hutterer (Red Hat).
Timeline
EventDate
Reported to Red Hat.2023-11-30 00:00:00
Made public.2023-12-13 00:00:00
Event: Reported to Red Hat.
Date: 2023-11-30 00:00:00
Event: Made public.
Date: 2023-12-13 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2023:7886
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0006
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0009
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0010
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0014
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0015
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0016
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0017
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0018
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0020
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2169
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2170
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2995
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2996
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:12751
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6478
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2253298
issue-tracking
x_refsource_REDHAT
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
N/A
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7886
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0006
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0009
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0010
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0014
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0015
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0016
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0017
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0018
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0020
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2169
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2170
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2995
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2996
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2025:12751
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6478
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2253298
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
Resource: N/A
Hyperlink: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2023/12/13/1
x_transferred
https://access.redhat.com/errata/RHSA-2023:7886
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0006
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0009
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0010
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0014
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0015
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0016
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0017
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0018
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0020
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:2169
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:2170
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:2995
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:2996
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/cve/CVE-2023-6478
vdb-entry
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2253298
issue-tracking
x_refsource_REDHAT
x_transferred
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
x_transferred
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
x_transferred
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
x_transferred
https://security.gentoo.org/glsa/202401-30
x_transferred
https://security.netapp.com/advisory/ntap-20240125-0003/
x_transferred
https://www.debian.org/security/2023/dsa-5576
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/13/1
Resource:
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7886
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0006
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0009
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0010
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0014
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0015
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0016
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0017
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0018
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0020
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2169
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2170
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2995
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2996
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6478
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2253298
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
Resource:
x_transferred
Hyperlink: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202401-30
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240125-0003/
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5576
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:13 Dec, 2023 | 07:15
Updated At:04 Aug, 2025 | 21:15

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
X.Org Foundation
x.org
>>x_server>>Versions before 21.1.10(exclusive)
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>xwayland>>Versions before 23.2.3(exclusive)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>9.2
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>12.0
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
tigervnc
tigervnc
>>tigervnc>>-
cpe:2.3:a:tigervnc:tigervnc:-:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Secondarysecalert@redhat.com
CWE-190Primarynvd@nist.gov
CWE ID: CWE-190
Type: Secondary
Source: secalert@redhat.com
CWE ID: CWE-190
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2023:7886secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0006secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0009secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0010secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0014secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0015secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0016secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0017secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0018secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0020secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:2169secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:2170secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:2995secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:2996secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2025:12751secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2023-6478secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253298secalert@redhat.com
Issue Tracking
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632secalert@redhat.com
Patch
https://lists.x.org/archives/xorg-announce/2023-December/003435.htmlsecalert@redhat.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/12/13/1af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2023:7886af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0006af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0009af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0010af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0014af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0015af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0016af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0017af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0018af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:0020af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:2169af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:2170af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:2995af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2024:2996af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/security/cve/CVE-2023-6478af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253298af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632af854a3a-2127-422b-91ae-364da2661108
Patch
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.x.org/archives/xorg-announce/2023-December/003435.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://security.gentoo.org/glsa/202401-30af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20240125-0003/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.debian.org/security/2023/dsa-5576af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7886
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0006
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0009
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0010
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0014
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0015
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0016
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0017
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0018
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0020
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2169
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2170
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2995
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2996
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2025:12751
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6478
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2253298
Source: secalert@redhat.com
Resource:
Issue Tracking
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/12/13/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7886
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0006
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0014
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0016
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0017
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0018
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2169
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2170
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2995
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:2996
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6478
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2253298
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/202401-30
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240125-0003/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5576
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found