Infinite Loop Vulnerability in libX11 Leads to Denial of Service
CVE-2023-43786
Key Information:
- Vendor: Red Hat
- CVE Published: 10 October 2023
What is CVE-2023-43786?
A vulnerability exists in libX11, specifically in the PutSubImage() function, which can cause an infinite loop leading to significant resource consumption. This flaw permits a local user to exhaust system resources, potentially resulting in a denial of service. Affected systems may experience instability and unresponsiveness as critical resources become unavailable, making it imperative for organizations using this library to assess their exposure and implement necessary mitigations.
Affected Version(s)
- Red Hat Enterprise Linux 8: 0:1.6.8-8.el8
- Red Hat Enterprise Linux 9: 0:1.7.0-9.el9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know
Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.
Timeline
- First article discovered by JFrog
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved