CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
References
Link Resource
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3 Exploit Mailing List Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6779 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254395 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ Mailing List
https://security.gentoo.org/glsa/202402-01 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240223-0006/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/01/30/6 Exploit Mailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt Third Party Advisory
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3 Exploit Mailing List Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6779 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254395 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ Mailing List
https://security.gentoo.org/glsa/202402-01 Third Party Advisory
https://security.netapp.com/advisory/ntap-20240223-0006/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/01/30/6 Exploit Mailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2024/Feb/3 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2024/Feb/3 - Exploit, Mailing List, Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-6779 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-6779 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2254395 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2254395 - Issue Tracking
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - Mailing List
References () https://security.gentoo.org/glsa/202402-01 - Third Party Advisory () https://security.gentoo.org/glsa/202402-01 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240223-0006/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20240223-0006/ - Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2024/01/30/6 - Exploit, Mailing List () https://www.openwall.com/lists/oss-security/2024/01/30/6 - Exploit, Mailing List
References () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - Third Party Advisory () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - Third Party Advisory
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 8.2

27 Feb 2024, 17:26

Type Values Removed Values Added
References () https://security.netapp.com/advisory/ntap-20240223-0006/ - () https://security.netapp.com/advisory/ntap-20240223-0006/ - Third Party Advisory
References () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - Third Party Advisory

23 Feb 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240223-0006/ -

15 Feb 2024, 07:15

Type Values Removed Values Added
References
  • () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt -

09 Feb 2024, 00:59

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2024/Feb/3 - () http://seclists.org/fulldisclosure/2024/Feb/3 - Exploit, Mailing List, Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-6779 - () https://access.redhat.com/security/cve/CVE-2023-6779 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2254395 - () https://bugzilla.redhat.com/show_bug.cgi?id=2254395 - Issue Tracking
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - Mailing List
References () https://security.gentoo.org/glsa/202402-01 - () https://security.gentoo.org/glsa/202402-01 - Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2024/01/30/6 - () https://www.openwall.com/lists/oss-security/2024/01/30/6 - Exploit, Mailing List
CPE cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
First Time Gnu glibc
Fedoraproject fedora
Fedoraproject
Gnu
CWE CWE-787
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 7.5

01 Feb 2024, 06:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ -

31 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html -

31 Jan 2024, 14:28

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-31 14:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6779

Mitre link : CVE-2023-6779

CVE.ORG link : CVE-2023-6779


JSON object : View

Products Affected

fedoraproject

  • fedora

gnu

  • glibc
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write