Infinite Loop Vulnerability in libX11 Leads to Denial of Service
CVE-2023-43786

5.5 MEDIUM

Key Information:

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2023-43786?

A vulnerability exists in libX11, specifically in the PutSubImage() function, that can trigger an infinite loop and consume significant resources. The flaw allows a local user to exhaust system resources, potentially resulting in a denial of service. Affected systems may become unstable or unresponsive as critical resources are tied up, so organizations using this library should assess their exposure and apply the available fixes.

Affected Version(s)

Red Hat Enterprise Linux 8 0:1.6.8-8.el8

Red Hat Enterprise Linux 9 0:1.7.0-9.el9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.
References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by JFrog
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved