CVE-2023-43786

MEDIUM

libX11 < 1.8.7 - Denial of Service via PutSubImage Infinite Loop

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43786. PoCs published by jfrog.

AI-analyzed exploit summary This repository contains a functional Proof-of-Concept for CVE-2023-43786, a Denial of Service vulnerability in libX11 and libXpm. The PoC triggers an integer overflow leading to an infinite loop, demonstrating the vulnerability in affected versions.

Description

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

Exploits (1)

nomisec WORKING POC

by jfrog · poc

https://github.com/jfrog/jfrog-CVE-2023-43786-libX11_DoS

View Code ZIP pw:eip

This repository contains a functional Proof-of-Concept for CVE-2023-43786, a Denial of Service vulnerability in libX11 and libXpm. The PoC triggers an integer overflow leading to an infinite loop, demonstrating the vulnerability in affected versions.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: libX11 (1.8.6 and below) and libXpm (3.5.16)

No auth needed

Prerequisites: Vulnerable versions of libX11 and libXpm · xpmutils installed

MITRE ATT&CK