{"api_version":"1","generated_at":"2026-04-23T02:18:38+00:00","cve":"CVE-2023-5367","urls":{"html":"https://cve.report/CVE-2023-5367","api":"https://cve.report/api/cve/CVE-2023-5367.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-5367","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-5367"},"summary":{"title":"CVE-2023-5367","description":"A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-25 20:15:00","updated_at":"2024-01-31 13:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2023:7436","name":"RHSA-2023:7436","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:6802","name":"RHSA-2023:6802","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: xorg-x11-server-1.20.14-26.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: tigervnc-1.13.1-6.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0128","name":"RHSA-2024:0128","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-3.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0010","name":"RHSA-2024:0010","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: xorg-x11-server-1.20.14-26.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7533","name":"RHSA-2023:7533","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.9-3.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5367","name":"https://access.redhat.com/security/cve/CVE-2023-5367","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2023/dsa-5534","name":"https://www.debian.org/security/2023/dsa-5534","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5534-1 xorg-server","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7373","name":"RHSA-2023:7373","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091","refsource":"MISC","tags":[],"title":"2243091 – (CVE-2023-5367) CVE-2023-5367 xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7526","name":"RHSA-2023:7526","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7428","name":"RHSA-2023:7428","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:7388","name":"RHSA-2023:7388","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-26.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:7405","name":"RHSA-2023:7405","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202401-30","name":"https://security.gentoo.org/glsa/202401-30","refsource":"","tags":[],"title":"X.Org X Server, XWayland: Multiple Vulnerabilities (GLSA 202401-30) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:6808","name":"RHSA-2023:6808","refsource":"","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.2-1.fc39 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20231130-0004/","name":"https://security.netapp.com/advisory/ntap-20231130-0004/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","name":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","refsource":"MISC","tags":[],"title":"X.Org Security Advisory: Issues in X.Org X server prior to 21.1.9 and Xwayland prior to 23.2.2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-5367","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5367","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"12.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"xwayland","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"5367","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"x_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-5367","qid":"161051","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-6802)"},{"cve":"CVE-2023-5367","qid":"161193","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-7428)"},{"cve":"CVE-2023-5367","qid":"161265","title":"Oracle Enterprise Linux Security Update for tigervnc (ELSA-2024-0010)"},{"cve":"CVE-2023-5367","qid":"199866","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-6453-1)"},{"cve":"CVE-2023-5367","qid":"199877","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-6453-2)"},{"cve":"CVE-2023-5367","qid":"242338","title":"Red Hat Update for xorg-x11-server (RHSA-2023:6802)"},{"cve":"CVE-2023-5367","qid":"242388","title":"Red Hat Update for tigervnc (RHSA-2023:6808)"},{"cve":"CVE-2023-5367","qid":"242486","title":"Red Hat Update for tigervnc (RHSA-2023:7373)"},{"cve":"CVE-2023-5367","qid":"242499","title":"Red Hat Update for tigervnc (RHSA-2023:7428)"},{"cve":"CVE-2023-5367","qid":"242503","title":"Red Hat Update for tigervnc (RHSA-2023:7436)"},{"cve":"CVE-2023-5367","qid":"242520","title":"Red Hat Update for tigervnc (RHSA-2023:7526)"},{"cve":"CVE-2023-5367","qid":"242566","title":"Red Hat Update for tigervnc (RHSA-2023:7533)"},{"cve":"CVE-2023-5367","qid":"242594","title":"Red Hat Update for tigervnc (RHSA-2023:7405)"},{"cve":"CVE-2023-5367","qid":"242607","title":"Red Hat Update for tigervnc (RHSA-2023:7388)"},{"cve":"CVE-2023-5367","qid":"242660","title":"Red Hat Update for tigervnc (RHSA-2024:0010)"},{"cve":"CVE-2023-5367","qid":"242880","title":"Red Hat Update for tigervnc (RHSA-2024:0128)"},{"cve":"CVE-2023-5367","qid":"257265","title":"CentOS Security Update for xorg-x11-server"},{"cve":"CVE-2023-5367","qid":"284686","title":"Fedora Security Update for xorg (FEDORA-2023-1f4f1b8365)"},{"cve":"CVE-2023-5367","qid":"284687","title":"Fedora Security Update for xorg (FEDORA-2023-7a94186139)"},{"cve":"CVE-2023-5367","qid":"284725","title":"Fedora Security Update for xorg (FEDORA-2023-f111d2f306)"},{"cve":"CVE-2023-5367","qid":"284726","title":"Fedora Security Update for xorg (FEDORA-2023-18cb340b28)"},{"cve":"CVE-2023-5367","qid":"284729","title":"Fedora Security Update for tigervnc (FEDORA-2023-dbacf5d9f6)"},{"cve":"CVE-2023-5367","qid":"284745","title":"Fedora Security Update for tigervnc (FEDORA-2023-4708733ccc)"},{"cve":"CVE-2023-5367","qid":"285157","title":"Fedora Security Update for tigervnc (FEDORA-2023-4bb75fa8f2)"},{"cve":"CVE-2023-5367","qid":"285171","title":"Fedora Security Update for xorg (FEDORA-2023-2eb445d52b)"},{"cve":"CVE-2023-5367","qid":"285174","title":"Fedora Security Update for xorg (FEDORA-2023-b88929bc79)"},{"cve":"CVE-2023-5367","qid":"296108","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)"},{"cve":"CVE-2023-5367","qid":"356618","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-404"},{"cve":"CVE-2023-5367","qid":"356738","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS2-2023-2335"},{"cve":"CVE-2023-5367","qid":"356746","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1884"},{"cve":"CVE-2023-5367","qid":"356991","title":"Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-475"},{"cve":"CVE-2023-5367","qid":"379034","title":"Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX2-SA-2023:0046)"},{"cve":"CVE-2023-5367","qid":"379276","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX2-SA-2023:0050)"},{"cve":"CVE-2023-5367","qid":"379625","title":"Alibaba Cloud Linux Security Update for tigervnc (ALINUX3-SA-2024:0028)"},{"cve":"CVE-2023-5367","qid":"503445","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2023-5367","qid":"503551","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2023-5367","qid":"506278","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2023-5367","qid":"506281","title":"Alpine Linux Security Update for xwayland"},{"cve":"CVE-2023-5367","qid":"6000255","title":"Debian Security Update for xorg-server (DLA 3631-1)"},{"cve":"CVE-2023-5367","qid":"6000298","title":"Debian Security Update for xorg-server (DSA 5534-1)"},{"cve":"CVE-2023-5367","qid":"673442","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2024-1307)"},{"cve":"CVE-2023-5367","qid":"673495","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2024-1169)"},{"cve":"CVE-2023-5367","qid":"673515","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2024-1131)"},{"cve":"CVE-2023-5367","qid":"673733","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2024-1115)"},{"cve":"CVE-2023-5367","qid":"691339","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for xorg (9e2fdfc7-e237-4393-9fa5-2d50908c66b3)"},{"cve":"CVE-2023-5367","qid":"710847","title":"Gentoo Linux X.Org X Server, XWayland Multiple Vulnerabilities (GLSA 202401-30)"},{"cve":"CVE-2023-5367","qid":"755188","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:4272-1)"},{"cve":"CVE-2023-5367","qid":"755191","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:4269-1)"},{"cve":"CVE-2023-5367","qid":"755198","title":"SUSE Enterprise Linux Security Update for xwayland (SUSE-SU-2023:4306-1)"},{"cve":"CVE-2023-5367","qid":"755203","title":"SUSE Enterprise Linux Security Update for xwayland (SUSE-SU-2023:4293-1)"},{"cve":"CVE-2023-5367","qid":"755204","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:4292-1)"},{"cve":"CVE-2023-5367","qid":"755217","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2023:4338-1)"},{"cve":"CVE-2023-5367","qid":"941513","title":"AlmaLinux Security Update for tigervnc (ALSA-2024:0010)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-5367","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Write","cweId":"CWE-787"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"xorg-server","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"21.1.9","status":"unaffected"}]}}]}},{"product_name":"xwayland","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"23.2.2","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:1.20.4-24.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:1.9.0-16.el8_1.4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unknown"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/errata/RHSA-2023:6802","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:6802"},{"url":"https://access.redhat.com/errata/RHSA-2023:6808","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:6808"},{"url":"https://access.redhat.com/security/cve/CVE-2023-5367","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-5367"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2243091"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/"},{"url":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html","refsource":"MISC","name":"https://lists.x.org/archives/xorg-announce/2023-October/003430.html"},{"url":"https://www.debian.org/security/2023/dsa-5534","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5534"}]},"work_around":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-25 20:15:00","lastModifiedDate":"2024-01-31 13:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}