Fluid Attacks Database

Description

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| =2:1.20.11-1+deb11u4 \|\| =2:1.20.11-1+deb11u5 \|\| >=0 <2:1.20.11-1+deb11u6	2:1.20.11-1+deb11u6
debian 13	xorg-server	>=0 <2:21.1.7-2	2:21.1.7-2
debian 12	xorg-server	>=0 <2:21.1.7-2	2:21.1.7-2
debian 14	xorg-server	>=0 <2:21.1.7-2	2:21.1.7-2
debian 12	xwayland	>=0 <2:22.1.9-1	2:22.1.9-1
debian 13	xwayland	>=0 <2:22.1.9-1	2:22.1.9-1
debian 14	xwayland	>=0 <2:22.1.9-1	2:22.1.9-1
rpm rhel9	xorg-x11-server-Xwayland	<0:22.1.9-2.el9	0:22.1.9-2.el9
rpm rhel7	tigervnc	<0:1.8.0-25.el7_9	0:1.8.0-25.el7_9
rpm rhel7	xorg-x11-server	<0:1.20.4-23.el7_9	0:1.20.4-23.el7_9

1-10 of 19

Aliases

1. CVE-2023-13932. NVD-2023-13933. OSV-DEBIAN-2023-13934. OSV-2023-13935. SECURITY-TRACKER-CVE-2023-1393

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.