CVE-2023-6246

Published: 31/01/2024 Updated: 16/02/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Vulnerable Product

gnu glibc

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Description: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 b ...

Exploits

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsor ...
Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022) ...

Mailing Lists

oss-sec mailing list archives: Out-of-bounds read & write in the glibc's qsort(). From: Qualys Secu ...
oss-sec mailing list archives: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog(). From: ...

Github Repositories

ele spawns elevated processes.

ele

ele spawns elevated processes. To make this work, there are two pieces:

ele

ele is a command line application. You can call it the way you might expect:

$ ele id
uid=0(root) gid=0(root) groups=0(root)

At least for non-interactive applications. For applications that need access to the terminal (like a shell), use -i:

$ ele --interactive

Recent Articles

SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring
The Register

PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities

Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy. As reported earlier this week, a trio of individuals, led by Chicago resident Robert Powell, were indicted [PDF] on charges of committing SIM swapping attacks on over 50 vict...