CVE-2023-6478

UNKNOWN

Published 2023-12-13T06:27:41.017Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-6478. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.6

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.009

probability

of exploitation in the wild

There is a 0.9% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.830

Higher than 83.0% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Description

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Red Hat

Red Hat Enterprise Linux 7

Affected Versions:

0:1.8.0-28.el7_9

Red Hat

Red Hat Enterprise Linux 7

Affected Versions:

0:1.20.4-25.el7_9

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:1.13.1-2.el8_9.4

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:1.20.11-22.el8

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

0:21.1.3-15.el8

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected Versions:

0:1.9.0-15.el8_2.6

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected Versions:

0:1.11.0-8.el8_4.5

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

0:1.12.0-6.el8_6.6

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

Affected Versions:

0:1.12.0-15.el8_8.4

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.13.1-3.el9_3.3

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:1.20.11-24.el9

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

0:22.1.9-5.el9

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

0:1.11.0-22.el9_0.5

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

Affected Versions:

0:1.12.0-14.el9_2.2

Red Hat

Red Hat Enterprise Linux 6

Red Hat

Red Hat Enterprise Linux 6

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-fwrj-5c8f-f8h2

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-6478

WEB https://www.debian.org/security/2023/dsa-5576

WEB https://security.netapp.com/advisory/ntap-20240125-0003

WEB https://security.gentoo.org/glsa/202401-30

WEB https://lists.x.org/archives/xorg-announce/2023-December/003435.html

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6

WEB https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html

WEB https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2253298

WEB https://access.redhat.com/security/cve/CVE-2023-6478

WEB https://access.redhat.com/errata/RHSA-2024:2996

WEB https://access.redhat.com/errata/RHSA-2024:2995

WEB https://access.redhat.com/errata/RHSA-2024:2170

WEB https://access.redhat.com/errata/RHSA-2024:2169

WEB https://access.redhat.com/errata/RHSA-2024:0020

WEB https://access.redhat.com/errata/RHSA-2024:0018

WEB https://access.redhat.com/errata/RHSA-2024:0017

WEB https://access.redhat.com/errata/RHSA-2024:0016

WEB https://access.redhat.com/errata/RHSA-2024:0015

WEB https://access.redhat.com/errata/RHSA-2024:0014

WEB https://access.redhat.com/errata/RHSA-2024:0010

WEB https://access.redhat.com/errata/RHSA-2024:0009

WEB https://access.redhat.com/errata/RHSA-2024:0006

WEB https://access.redhat.com/errata/RHSA-2023:7886

WEB http://www.openwall.com/lists/oss-security/2023/12/13/1

Advisory provided by GitHub Security Advisory Database. Published: December 13, 2023, Modified: May 22, 2024

References

https://access.redhat.com/errata/RHSA-2023:7886

https://access.redhat.com/errata/RHSA-2024:0006

https://access.redhat.com/errata/RHSA-2024:0009

https://access.redhat.com/errata/RHSA-2024:0010

https://access.redhat.com/errata/RHSA-2024:0014

https://access.redhat.com/errata/RHSA-2024:0015

https://access.redhat.com/errata/RHSA-2024:0016

https://access.redhat.com/errata/RHSA-2024:0017

https://access.redhat.com/errata/RHSA-2024:0018

https://access.redhat.com/errata/RHSA-2024:0020

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2170

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:2996

https://access.redhat.com/security/cve/CVE-2023-6478

https://bugzilla.redhat.com/show_bug.cgi?id=2253298

https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632

https://lists.x.org/archives/xorg-announce/2023-December/003435.html

Published: 2023-12-13T06:27:41.017Z

Last Modified: 2024-11-23T02:52:01.579Z

Copied to clipboard!

CVE-2023-6478

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!