CVE-2023-6779

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-6779
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6779.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6779
Downstream
Related
Published
2024-01-31T14:15:48.700Z
Modified
2026-04-16T04:32:27.598837413Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An off-by-one heap-based buffer overflow was found in the __vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

References

Affected packages

Git / github.com/bminor/glibc

Affected ranges

Type
GIT
Repo
https://github.com/bminor/glibc
Events
Introduced
a704fd9a133bfb10510e18702f48a6a9c88dbbd5
Fixed
ef321e23c20eebc6d6fb4044425c00e6df27b05f
Database specific 
{
    "versions": [
        {
            "introduced": "2.37"
        },
        {
            "fixed": "2.39"
        }
    ]
}

Affected versions

glibc-2.*
glibc-2.37
glibc-2.37.9000
glibc-2.38
glibc-2.38.9000

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6779.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    }
]