CVE-2023-43786 PoC — X.Org libX11 Security Vulnerability

Associated Vulnerability
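Title: X.Org libX11 Security Vulnerability (CVE-2023-43786)
Description: X.Org libX11 is an X11 (X Window System) client library from the X.Org Foundation. libX11 contains a security vulnerability caused by an infinite loop in the function PutSubImage(). An attacker can exploit this vulnerability to consume system resources and cause a denial of service (DoS).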
Readme
# CVE-2023-43786 Proof-of-Concept

### Overview

This is a denial-of-service Proof-of-Concept for the libX11 vulnerability CVE-2023-43786.  
It triggers the integer overflow, which causes an infinite loop.  
The vulnerable versions are: libX11 1.8.6 and below and libXpm 3.5.16.  
For in-depth details, see the accompanying [blog post](https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/).

### Dependencies

* A vulnerable version of both libXpm and libX11
* `xpmutils` installed

### Usage

1. Make sure you have `xpmutils` installed:
```
sudo apt-get install xpmutils
```

2. Run the PoC:
```
sxpm cve-2023-43786.xpm
```
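
To check whether a host's libX11 falls inside the version range listed in the Overview, the following added example (not part of the PoC repository) compares a version string against the README's "1.8.6 and below" threshold. The function names are illustrative, and the sample versions are constructed.

```sh
#!/bin/sh
# Added example: is a libX11 version inside the range this README lists as
# vulnerable ("1.8.6 and below")? Function names here are illustrative.
LIBX11_LAST_VULNERABLE="1.8.6"   # threshold taken from the README

# Reduce a distro package version ("2:1.8.4-2+deb12u2") to upstream ("1.8.4").
upstream_version() {
    _u=${1#*:}      # drop the epoch, if any
    _u=${_u%%-*}    # drop the packaging revision, if any
    printf '%s\n' "$_u"
}

# version_le A B: succeed when dotted version A <= B. Fields are compared as
# numbers, so 1.8.10 sorts above 1.8.6 (a plain string compare gets this wrong).
version_le() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _fa=${_a%%.*}; _fb=${_b%%.*}
        _fa=${_fa:-0}; _fb=${_fb:-0}
        if [ "$_fa" -lt "$_fb" ]; then return 0; fi
        if [ "$_fa" -gt "$_fb" ]; then return 1; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# Exit status: 0 = in the listed range, 1 = above it, 2 = version not parseable.
# A 0 on a distro package means "check the distro advisory": fixes are often
# backported without changing the upstream version number.
libx11_affected() {
    _v=$(upstream_version "$1")
    case $_v in ''|*[!0-9.]*) return 2 ;; esac
    version_le "$_v" "$LIBX11_LAST_VULNERABLE"
}

# With no arguments, run on constructed sample versions.
[ $# -gt 0 ] || set -- 1.8.6 1.8.7 1.8.10 "2:1.8.4-2+deb12u2" 1.8.6rc1
for pkgver in "$@"; do
    rc=0; libx11_affected "$pkgver" || rc=$?
    case $rc in
        0) echo "$pkgver: at or below $LIBX11_LAST_VULNERABLE (listed as vulnerable)" ;;
        1) echo "$pkgver: above $LIBX11_LAST_VULNERABLE" ;;
        *) echo "$pkgver: version string not understood" ;;
    esac
done
```

On Debian or Ubuntu the installed package version can be supplied as the argument from `dpkg-query -W -f='${Version}' libx11-6`.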
File Snapshot

```
[4.0K] /data/pocs/e7fee703c9291b2ada9f8a9b2c92664fd031f18c
├── [ 91K] cve-2023-43786.xpm
├── [518K] jfrog_logo.xpm
└── [ 715] README.md

0 directories, 3 files
```