IM
IronMonkey Threat Research

CVE-2023-6780 MEDIUM

Published: 2024-01-31 | Last Modified: 2026-05-12 | Status: Modified

Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Additional Descriptions (1)

Se encontró un desbordamiento de enteros en la función __vsyslog_internal de la liibrería glibc. Esta función es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando estas funciones se llaman con un mensaje muy largo, lo que genera un cálculo incorrecto del tamaño del búfer para almacenar el mensaje, lo que genera un comportamiento indefinido. Este problema afecta a glibc 2.37 y posteriores.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-131
[email protected] Secondary
en CWE-131
en CWE-190

Affected Products

Vendor Product Version Update Type
gnu glibc * <built-in method update of dict object at 0x702b8344fec0> Application
fedoraproject fedora 38 <built-in method update of dict object at 0x702bdc518780> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702b8344eb40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

References

Notification
Message here