CVE-2023-6780

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6780

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6780.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6780

Related

Published

2024-01-31T14:15:48Z

Modified

2024-09-18T03:27:20.357057Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

An integer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

References

Affected packages

Debian:12 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.36-9+deb12u4

Affected versions

2.*

2.36-9

2.36-9+deb12u1

2.36-9+deb12u2

2.36-9+deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glibc

Package

Name: glibc
Purl: pkg:deb/debian/glibc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37-15

Affected versions

2.*

2.36-9

2.36-9+loong64

2.36-10~0

2.37-1

2.37-2

2.37-3

2.37-4

2.37-5

2.37-6

2.37-7

2.37-8

2.37-9

2.37-10

2.37-11

2.37-12

2.37-13

2.37-14

2.37-15~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / sourceware.org/git/glibc.git

Affected ranges

Type: GIT
Repo: https://sourceware.org/git/glibc.git
Events: Introduced

a704fd9a133bfb10510e18702f48a6a9c88dbbd5

Fixed

ef321e23c20eebc6d6fb4044425c00e6df27b05f

Affected versions

glibc-2.*

glibc-2.37

glibc-2.37.9000

glibc-2.38

glibc-2.38.9000