PT-2024-1610 · Glibc+2

Guilherme De Almeida Suckevicz · Published 2024-01-30 · Updated 2024-03-26 · CVE-2023-6780

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: glibc versions 2.37 and newer (2.37 and 2.38 without the vendor backports listed under Related Identifiers)
Description: The issue is an integer overflow in __vsyslog_internal, the internal glibc function that implements both syslog() and vsyslog(). The function computes the size of the heap buffer that will hold the formatted message from int lengths returned by its formatting calls. When these functions are called with a very long message, long enough that this int arithmetic overflows, the buffer size is calculated incorrectly, which is undefined behavior in C and leaves the allocation inconsistent with the data written into it.
Recommendations: Update glibc to a build that contains the fix. Upstream, the fix is included in glibc 2.39; for 2.37 and 2.38, install the distribution updates referenced under Related Identifiers (for example DSA-5611-1 for Debian and USN-6620-1 for Ubuntu), which backport the patch. Note that __vsyslog_internal is an internal helper reached by every syslog() and vsyslog() call, so it cannot be disabled by an application. Where the update cannot be applied immediately, make sure that attacker-controlled data cannot reach syslog()/vsyslog() with unbounded length: truncate or length-check untrusted input before it is formatted into a log message.
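The following is an added example, not glibc's code and not taken from this advisory, that models the class of bug described above and the two mitigations recommended: it assumes two int lengths (a hypothetical header_len and msg_len, as snprintf-style calls return) that are summed to size a heap buffer, shows how the naive sum wraps for a message just under INT_MAX, shows a checked version that rejects the sum before it overflows, and shows a caller-side cap on untrusted input. All lengths and strings are constructed for the demonstration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (simplified model, not glibc's code): two int lengths
 * returned by snprintf-style calls are added in 32-bit arithmetic to size a
 * heap buffer (+1 for the terminating NUL).  Signed overflow is undefined
 * behaviour in C, so the wrap is reproduced with unsigned arithmetic and a
 * conversion back to int, which is what two's-complement compilers (GCC,
 * Clang) produce in practice.  A negative result passed on as size_t becomes
 * a huge request or, depending on the surrounding arithmetic, an undersized
 * buffer; either way the allocation no longer matches the data written. */
int naive_total_len(int header_len, int msg_len)
{
    uint32_t sum = (uint32_t)header_len + (uint32_t)msg_len + 1u;
    return (int)(int32_t)sum;
}

/* Hardened pattern: validate before adding.  Returns true and stores the exact
 * byte count (header + message + NUL) on success; returns false if either
 * length is negative (the error return of *snprintf) or if the sum would not
 * fit in an int.  The comparison is rearranged so that it cannot overflow. */
bool checked_total_len(int header_len, int msg_len, size_t *out)
{
    if (header_len < 0 || msg_len < 0)
        return false;
    if (msg_len > INT_MAX - 1 - header_len)   /* header_len + msg_len + 1 > INT_MAX */
        return false;
    *out = (size_t)header_len + (size_t)msg_len + 1;
    return true;
}

/* Caller-side mitigation for programs that cannot update glibc yet: bound the
 * untrusted part of a log message before it reaches syslog()/vsyslog().
 * Copies at most `cap` bytes of `untrusted` into `dst` (never more than
 * dst_size - 1), NUL-terminates, and returns the copied length. */
size_t cap_untrusted(char *dst, size_t dst_size, const char *untrusted, size_t cap)
{
    size_t n = 0;
    if (dst_size == 0)
        return 0;
    while (n < cap && n < dst_size - 1 && untrusted[n] != '\0')
        n++;
    memcpy(dst, untrusted, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed lengths: a 32-byte header and a message just under INT_MAX. */
    int header_len = 32;
    int msg_len = INT_MAX - 10;
    size_t need = 0;
    char bounded[16];

    printf("naive total   : %d (wrapped negative)\n",
           naive_total_len(header_len, msg_len));
    printf("checked total : %s\n",
           checked_total_len(header_len, msg_len, &need) ? "ok" : "rejected");
    if (checked_total_len(32, 100, &need))
        printf("checked (32+100): %zu bytes\n", need);

    /* Constructed untrusted input, 30 'a' bytes, capped to 8 before logging. */
    cap_untrusted(bounded, sizeof bounded, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 8);
    printf("bounded input : \"%s\"\n", bounded);
    return 0;
}
```

The checked variant is the shape of fix to look for in a patched syslog implementation: the overflow is rejected by comparing against INT_MAX minus the already-known length, rather than detected after the fact. When calling syslog() directly, the same cap can be expressed without a helper by using a precision in the format string, e.g. `syslog(LOG_INFO, "%.*s", (int)cap, untrusted)`, so that no caller-supplied string can contribute more than `cap` bytes to the message.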

Exploit

Integer Overflow (CWE-190)

Weakness Enumeration

Related Identifiers

ALT-PU-2024-1634
AZL-34737
BDU:2024-01234
CVE-2023-6780
DSA-5611-1
MGASA-2024-0026
USN-6620-1

Affected Products

Alt Linux
Ubuntu
Glibc