Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ecxq-s96s-hufp
Vulnerability ID VCID-ecxq-s96s-hufp
Aliases CVE-2023-43785
Summary libX11: out-of-bounds memory access in _XkbReadKeySyms()
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:2145
ssvc Track https://access.redhat.com/errata/RHSA-2024:2145
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2024:2973
ssvc Track https://access.redhat.com/errata/RHSA-2024:2973
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43785.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2023-43785
ssvc Track https://access.redhat.com/security/cve/CVE-2023-43785
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2023-43785
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2242252
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2242252
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43785.json
https://api.first.org/data/v1/epss?cve=CVE-2023-43785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43787
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2242252 https://bugzilla.redhat.com/show_bug.cgi?id=2242252
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
CVE-2023-43785 https://access.redhat.com/security/cve/CVE-2023-43785
GLSA-202407-21 https://security.gentoo.org/glsa/202407-21
RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2145
RHSA-2024:2973 https://access.redhat.com/errata/RHSA-2024:2973
USN-6407-1 https://usn.ubuntu.com/6407-1/
USN-6407-2 https://usn.ubuntu.com/6407-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2145
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T15:44:16Z/ Found at https://access.redhat.com/errata/RHSA-2024:2145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2973
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T15:44:16Z/ Found at https://access.redhat.com/errata/RHSA-2024:2973
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43785.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2023-43785
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T15:44:16Z/ Found at https://access.redhat.com/security/cve/CVE-2023-43785
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2242252
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T15:44:16Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2242252
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.27356
EPSS Score 0.001
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:06:46.038913+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43785.json 38.6.0