PT-2022-4602 · Glibc · Glibc

Adhemerval Zanella

Published

2022-08-31

Updated

2024-06-15

CVE-2022-39046

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions glibc versions 2.36 through 2.37

Description The issue is related to the syslog function in the glibc library, which can read uninitialized memory from the heap when passed a crafted input string larger than 1024 bytes. This can potentially reveal a portion of the contents of the heap. The problem is associated with a heap-based buffer overflow.

Recommendations For glibc versions 2.36 through 2.37, consider disabling the syslog function until a patch is available. Restrict access to the syslog function to minimize the risk of exploitation. Avoid using the syslog function with input strings larger than 1024 bytes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Access of Uninitialized Pointer

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-824CWE-532

Related Identifiers

BDU:2022-05480

CVE-2022-39046

OPENSUSE-SU-2024:12316-1

Affected Products

Glibc

PT-2022-4602 · Glibc · Glibc

CVE-2022-39046

Weakness Enumeration

Related Identifiers

Affected Products

References · 27