CVE-2023-6780

MEDIUM

glibc 2.37-2.38 - Heap-Based Buffer Overflow in __vsyslog_internal

Title source: llm
STIX 2.1

Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

References (11)

Core 11
Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Feb/3
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6780
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2254396

Scores

CVSS v3 5.3
EPSS 0.0269
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-131 CWE-190
Status published
Products (9)
None/glibc 2.39
Fedora/Fedora
fedoraproject/fedora 38
fedoraproject/fedora 39
gnu/glibc 2.37 - 2.39
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Published Jan 31, 2024
Tracked Since Feb 18, 2026