CVE-2023-6779

CVSS V2 None CVSS V3 None

Description

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Overview

CVE ID
CVE-2023-6779

Assigner
redhat

Vulnerability Status
PUBLISHED

Published Version
2024-01-31T14:07:41.967Z

Last Modified Date
2024-02-15T06:57:30.291Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
https://access.redhat.com/security/cve/CVE-2023-6779	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254395	issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
https://security.gentoo.org/glsa/202402-01
https://www.openwall.com/lists/oss-security/2024/01/30/6
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
https://security.netapp.com/advisory/ntap-20240223-0006/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6779
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6779

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 07:00:56				Added to TrackCVE