An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
References
Configurations
History
21 Nov 2024, 08:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2024/Feb/3 - Exploit, Mailing List, Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2023-6780 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2254396 - Issue Tracking | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - Mailing List | |
References | () https://security.gentoo.org/glsa/202402-01 - Third Party Advisory | |
References | () https://www.openwall.com/lists/oss-security/2024/01/30/6 - Exploit, Mailing List | |
References | () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - Third Party Advisory |
12 Feb 2024, 18:57
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
09 Feb 2024, 19:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt - Third Party Advisory |
09 Feb 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Feb 2024, 00:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-190 | |
References | () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2024/Feb/3 - Exploit, Mailing List, Third Party Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2023-6780 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2254396 - Issue Tracking | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ - Mailing List | |
References | () https://security.gentoo.org/glsa/202402-01 - Third Party Advisory | |
References | () https://www.openwall.com/lists/oss-security/2024/01/30/6 - Exploit, Mailing List | |
First Time |
Gnu glibc
Fedoraproject fedora Fedoraproject Gnu |
01 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 14:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-31 14:15
Updated : 2024-11-21 08:44
NVD link : CVE-2023-6780
Mitre link : CVE-2023-6780
CVE.ORG link : CVE-2023-6780
JSON object : View
Products Affected
fedoraproject
- fedora
gnu
- glibc