An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
Se encontró un desbordamiento de enteros en la función __vsyslog_internal de la liibrería glibc. Esta función es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando estas funciones se llaman con un mensaje muy largo, lo que genera un cálculo incorrecto del tamaño del búfer para almacenar el mensaje, lo que genera un comportamiento indefinido. Este problema afecta a glibc 2.37 y posteriores.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | LOW |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-131
|
| [email protected] | Secondary |
en
CWE-131
en
CWE-190
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| gnu | glibc | * | <built-in method update of dict object at 0x702b8344fec0> | Application |
| fedoraproject | fedora | 38 | <built-in method update of dict object at 0x702bdc518780> | Operating System |
| fedoraproject | fedora | 39 | <built-in method update of dict object at 0x702b8344eb40> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |