CVE-2023-6779

Name of the Vulnerable Software and Affected Versions glibc versions 2.37 and newer

Description The issue is related to an off-by-one heap-based buffer overflow in the vsyslog internal function of the glibc library. This function is called by the syslog and vsyslog functions. The overflow occurs when these functions are called with a message bigger than INT MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash.

Recommendations For glibc versions 2.37 and newer, consider disabling the vsyslog internal function as a temporary workaround until a patch is available. Restrict the size of messages passed to the syslog and vsyslog functions to prevent buffer overflows. Avoid using messages bigger than INT MAX bytes in the affected functions until the issue is resolved.