Description
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High
Affected Packages2 packages
▶Debianglibc< 2.36-9+deb12u4+2 Also affects: Fedora 38, 39
🔴Vulnerability Details
3GHSAGHSA-p5vr-h433-qhqr: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library↗2024-01-31 OSVCVE-2023-6779: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library↗2024-01-31 CVEListGlibc: off-by-one heap-based buffer overflow in __vsyslog_internal()↗2024-01-31 📋Vendor Advisories
4UbuntuGNU C Library vulnerabilities↗2024-02-01 Red Hatglibc: off-by-one heap-based buffer overflow in __vsyslog_internal()↗2024-01-30 MicrosoftGlibc: off-by-one heap-based buffer overflow in __vsyslog_internal()↗2024-01-09 DebianCVE-2023-6779: glibc - An off-by-one heap-based buffer overflow was found in the __vsyslog_internal fun...↗2023 🕵️Threat Intelligence
2QualysQualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog() | Qualys↗2024-01-30 QualysQualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()↗2024-01-30