Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-5380
4.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Xorg-x11-server: use-after-free bug in destroywindow
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
References
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.gentoo.org/glsa/202401-30 x_transferred
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
https://www.debian.org/security/2023/dsa-5534 x_transferred
Affected products
tigervnc
- *
xorg-server
- ==21.1.9
xorg-x11-server
- *
xorg-x11-server-Xwayland