CVE-2023-6780

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-6780
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6780.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6780
Downstream
Related
Published
2024-01-31T14:15:48Z
Modified
2025-09-24T12:18:01.795982Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An integer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

References

Affected packages

Git / sourceware.org/git/glibc.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/glibc.git
Events
Introduced
a704fd9a133bfb10510e18702f48a6a9c88dbbd5
Fixed
ef321e23c20eebc6d6fb4044425c00e6df27b05f

Affected versions

glibc-2.*

glibc-2.37
glibc-2.37.9000
glibc-2.38
glibc-2.38.9000