Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-6780

Published: 31/01/2024 Updated: 26/03/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Gnu

Vulnerability Summary

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Red Hat:
Description<!---->An integer overflow was found in the __vsyslog_internal function of the glibc library This function is called by the syslog and vsyslog functions This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior ...

Exploits

Exploit DB: glibc syslog() Heap-Based Buffer Overflow
Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog() This vulnerability was introduced in glibc 237 (in August 2022) ...

Mailing Lists

Full Disclosure: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: ...

References

CWE-131https://access.redhat.com/security/cve/CVE-2023-6780https://bugzilla.redhat.com/show_bug.cgi?id=2254396https://www.openwall.com/lists/oss-security/2024/01/30/6http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/https://security.gentoo.org/glsa/202402-01http://seclists.org/fulldisclosure/2024/Feb/3https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txthttps://nvd.nist.govhttps://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlhttps://access.redhat.com/security/cve/cve-2023-6780
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook