CVE-2023-6816 CRITICAL

CVE-2023-6816: Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

Vendor Red Hat

Product Red Hat Enterprise Linux 6

Weakness CWE-787

Published January 18, 2024

Last update March 19, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Key dates

02Disclosure timeline

January 18, 2024 CVE published

March 19, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6816 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

CVE-2023-6816: Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer

01Description

02Disclosure timeline

03References

04Related CVE