{"id":"CVE-2023-6816","details":"A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.","modified":"2026-03-13T07:50:46.815340Z","published":"2024-01-18T05:15:08.607Z","related":["ALSA-2024:0557","ALSA-2024:0607","ALSA-2024:2169","ALSA-2024:2170","ALSA-2024:2996","CGA-mrpv-ww4m-8jcr","MGASA-2024-0022","SUSE-SU-2024:0109-1","SUSE-SU-2024:0111-1","SUSE-SU-2024:0114-1","SUSE-SU-2024:0116-1","SUSE-SU-2024:0121-1","SUSE-SU-2024:0165-1","openSUSE-SU-2024:13597-1","openSUSE-SU-2024:13598-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/01/18/1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0607"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0629"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2169"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2170"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-30"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0597"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0621"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0626"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0557"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0558"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0614"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0617"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2996"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-6816"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:12751"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240307-0006/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257691"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6816.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"21.1.11"}]},{"events":[{"introduced":"0"},{"fixed":"23.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}