IM
IronMonkey Threat Research

CVE-2023-6779 HIGH

Published: 2024-01-31 | Last Modified: 2026-05-12 | Status: Modified

Description

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Additional Descriptions (1)

Se encontró un desbordamiento de búfer en la región Heap de la memoria de off-by-one en la función __vsyslog_internal de la librería glibc. Esta función es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando estas funciones se llaman con un mensaje mayor que INT_MAX bytes, lo que genera un cálculo incorrecto del tamaño del búfer para almacenar el mensaje, lo que provoca un bloqueo de la aplicación. Este problema afecta a glibc 2.37 y posteriores.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-122
[email protected] Primary
en CWE-787

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702b8052c9c0> Application
fedoraproject fedora 38 <built-in method update of dict object at 0x702bfc336240> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702bfc337240> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

References

Notification
Message here