
CVE-2022-39046

Published: 31/08/2022 Updated: 04/02/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue exists in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Vulnerable Product

gnu glibc 2.36

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp ontap select deploy administration utility -

Vendor Advisories

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap ...

Exploits

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) ...

Mailing Lists

oss-sec mailing list archives: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() From: ...