{"uuid": "0621b690-ea0c-47fe-bbe6-466daf4c60d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-0494", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5195", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-0494\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.\n\ud83d\udccf Published: 2023-03-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-24T17:43:00.816Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=2165995\n2. https://lists.x.org/archives/xorg-announce/2023-February/003320.html\n3. https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec\n4. https://security.gentoo.org/glsa/202305-30", "creation_timestamp": "2025-02-24T18:26:38.000000Z"}