Description
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
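The bug class behind this CVE is a buffer-size computation that wraps when the caller's message is very long. The following C program is an added illustration written for this page; it is a hypothetical syslog-style formatter, not glibc's __vsyslog_internal, and the names `vulnerable_buf_size`, `safe_buf_size`, `format_log_line` and the `LOG_MAX_LINE` cap are all assumptions. It shows the vulnerable pattern (lengths summed in `int`) beside a hardened one (`size_t` arithmetic with explicit overflow checks and an upper bound), and uses the hardened version to build a real log line.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical syslog-style formatter written for this page to illustrate
 * the bug class; it is NOT glibc's __vsyslog_internal. A log line here is
 * "<PRI>ident: message", so the buffer must hold header + message + NUL. */

#define LOG_MAX_LINE ((size_t)64 * 1024)   /* assumed policy cap: 64 KiB */

/* Vulnerable size computation: lengths held in int (as vsnprintf returns
 * them) and summed in int. For a message near INT_MAX the sum wraps to a
 * negative or tiny value, so any allocation sized from it is wrong. The
 * wrap is modelled with unsigned arithmetic so this demo itself has no
 * undefined behaviour. */
static int vulnerable_buf_size(int header_len, int msg_len)
{
    unsigned int total = (unsigned int)header_len + (unsigned int)msg_len + 1u;
    return (int)total;  /* GCC/Clang: reduced modulo 2^32, may be negative */
}

/* Hardened computation: size_t lengths, explicit overflow checks, and a
 * hard upper bound so a caller can never request a multi-gigabyte line. */
static bool safe_buf_size(size_t header_len, size_t msg_len, size_t *out)
{
    if (msg_len > SIZE_MAX - header_len)  return false;  /* header + msg overflows */
    size_t total = header_len + msg_len;
    if (total == SIZE_MAX)                return false;  /* no room for the NUL */
    total += 1;
    if (total > LOG_MAX_LINE)             return false;  /* policy cap */
    *out = total;
    return true;
}

/* Formats one line into a freshly allocated buffer using the hardened size
 * computation. Returns NULL (and allocates nothing) if the message is too
 * long or the sum would overflow. The caller frees the result. */
static char *format_log_line(int pri, const char *ident, const char *msg)
{
    char header[64];
    int h = snprintf(header, sizeof header, "<%d>%s: ", pri, ident);
    if (h < 0 || (size_t)h >= sizeof header) return NULL;

    size_t need;
    if (!safe_buf_size((size_t)h, strlen(msg), &need)) return NULL;

    char *line = malloc(need);
    if (!line) return NULL;
    memcpy(line, header, (size_t)h);
    memcpy(line + h, msg, need - (size_t)h);  /* copies msg plus its NUL */
    return line;
}

int main(void)
{
    /* Constructed inputs: a normal message and a simulated INT_MAX-byte one. */
    char *line = format_log_line(13, "demo", "hello, syslog");
    printf("%s\n", line ? line : "(rejected)");
    free(line);

    printf("vulnerable size for an INT_MAX-byte message: %d\n",
           vulnerable_buf_size(12, INT_MAX));
    size_t n;
    printf("hardened computation accepts it: %s\n",
           safe_buf_size(12, (size_t)INT_MAX, &n) ? "yes" : "no");
    return 0;
}
```

The practical check is the second one: a logging front end should never let the size of its output buffer depend on an `int` that a caller-controlled message can drive past `INT_MAX`; compute in `size_t`, test the addition before doing it, and reject or truncate anything above a fixed cap.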
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base score: 5.3 (Medium) | Exploitability: 3.9 | Impact: 1.4
Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Affected Packages (2)
Debian: glibc < 2.36-9+deb12u4+2
Also affects: Fedora 38, 39
Vulnerability Details (3)
CVE List: Glibc: integer overflow in __vsyslog_internal() (2024-01-31)
OSV: CVE-2023-6780: An integer overflow was found in the __vsyslog_internal function of the glibc library (2024-01-31)
GHSA: GHSA-jjr8-97p7-vmmg: An integer overflow was found in the __vsyslog_internal function of the glibc library (2024-01-31)
Vendor Advisories (4)
Ubuntu: GNU C Library vulnerabilities (2024-02-01)
Red Hat: glibc: integer overflow in __vsyslog_internal() (2024-01-30)
Microsoft: Glibc: integer overflow in __vsyslog_internal() (2024-01-09)
Debian: CVE-2023-6780: glibc - An integer overflow was found in the __vsyslog_internal function of the glibc li... (2023)
Threat Intelligence (2)
Qualys: Qualys TRU Discovers Important Vulnerabilities in GNU C Library's syslog() | Qualys (2024-01-30)
Qualys: Qualys TRU Discovers Important Vulnerabilities in GNU C Library's syslog() (2024-01-30)