CVE-2023-6246

HIGH NUCLEI

glibc <2.36 - Buffer Overflow

Title source: llm

Description

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Exploits (2)

nomisec WORKING POC 7 stars
by elpe-pinillo · poc
https://github.com/elpe-pinillo/CVE-2023-6246
nomisec WORKING POC
by SimoesCTT · poc
https://github.com/SimoesCTT/CTT-Vsyslog-Vortex-CVE-2023-6246

Nuclei Templates (1)

glibc's syslog - Local Privilege Escalation
HIGHby gy741

References (12)

Scores

CVSS v3 8.4
EPSS 0.2548
EPSS Percentile 96.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (3)
fedoraproject/fedora 38
fedoraproject/fedora 39
gnu/glibc 2.36 - 2.39
Published Jan 31, 2024
Tracked Since Feb 18, 2026