CVE-2023-6779

HIGH

glibc 2.37-2.38 - Heap-based Buffer Overflow in __vsyslog_internal

Title source: llm
STIX 2.1

Description

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

References (11)

Core 11
Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Feb/3
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6779
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2254395

Scores

CVSS v3 8.2
EPSS 0.0313
EPSS Percentile 86.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-122 CWE-787
Status published
Products (9)
None/glibc 2.39
Fedora/Fedora
fedoraproject/fedora 38
fedoraproject/fedora 39
gnu/glibc 2.37 - 2.39
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Published Jan 31, 2024
Tracked Since Feb 18, 2026