CVE-2023-3138: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2023-3138) was discovered in libX11 prior to version 1.8.6. The security flaw exists in the functions within src/InitExt.c, which fail to verify that the values provided for Request, Event, or Error IDs are within the bounds of the arrays they write to. The vulnerability was discovered in June 2023 and affects libX11 installations across various systems (X.Org Announce).

The vulnerability stems from the InitExt.c functions in libX11 using array indexes without proper bounds checking. The functions trust values provided by X servers to adhere to X11 protocol specifications. The protocol specifies a single byte for these values, meaning that while out-of-bounds values from a malicious server can overwrite other portions of the Display structure, they cannot write outside the Display structure's bounds. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When successfully exploited, this vulnerability can lead to memory corruption within the Display structure, potentially causing client applications to crash, resulting in a Denial of Service (DoS) condition. The impact is limited to overwriting portions within the Display structure itself (NetApp Advisory).

The vulnerability has been fixed in libX11 version 1.8.6. The fix includes adding bounds checks for extension request, event, and error codes, as implemented in the patch commit 304a654a. Users are advised to upgrade to this version or later to mitigate the vulnerability (X.Org Announce, GitLab Patch).