CVE-2023-6780

CVSS V2 None CVSS V3 None

Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Overview

CVE ID
CVE-2023-6780

Assigner
redhat

Vulnerability Status
PUBLISHED

Published Version
2024-01-31T14:08:02.610Z

Last Modified Date
2024-03-26T15:30:47.720Z

Weakness Enumerations

CWE	URL
CWE-131	http://cwe.mitre.org/data/definitions/131.html

References

Reference URL	Reference Tags
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
https://access.redhat.com/security/cve/CVE-2023-6780	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2254396	issue-tracking x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
https://security.gentoo.org/glsa/202402-01
https://www.openwall.com/lists/oss-security/2024/01/30/6
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6780
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6780

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 06:19:52				Added to TrackCVE