CVE-2023-6246

CVSS V2 None CVSS V3 None

Description

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Overview

CVE ID
CVE-2023-6246

Assigner
redhat

Vulnerability Status
PUBLISHED

Published Version
2024-01-31T14:06:21.949Z

Last Modified Date
2024-02-15T06:56:44.724Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
http://seclists.org/fulldisclosure/2024/Feb/5
https://access.redhat.com/security/cve/CVE-2023-6246	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2249053	issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
https://security.gentoo.org/glsa/202402-01
https://www.openwall.com/lists/oss-security/2024/01/30/6
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
https://security.netapp.com/advisory/ntap-20240216-0007/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6246
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6246

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 06:15:44				Added to TrackCVE