AZL-44742

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44742.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-44742

Upstream

CVE-2023-6816

Published

2024-01-18T05:15:08Z

Modified

2026-04-01T05:15:42.819721Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-6816 affecting package xorg-x11-server 1.20.10-6

Details

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6816

Affected packages

Azure Linux:3 / xorg-x11-server

Package

Name: xorg-x11-server
Purl: pkg:rpm/azure-linux/xorg-x11-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.20.10-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44742.json"