CVE-2023-6780

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-6780
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6780.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6780
Downstream
Related
Published
2024-01-31T14:15:48.917Z
Modified
2026-04-16T04:31:40.809261760Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An integer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

References

Affected packages

Git / github.com/bminor/glibc

Affected ranges

Type
GIT
Repo
https://github.com/bminor/glibc
Events
Introduced
a704fd9a133bfb10510e18702f48a6a9c88dbbd5
Fixed
ef321e23c20eebc6d6fb4044425c00e6df27b05f
Database specific 
{
    "versions": [
        {
            "introduced": "2.37"
        },
        {
            "fixed": "2.39"
        }
    ]
}

Affected versions

glibc-2.*
glibc-2.37
glibc-2.37.9000
glibc-2.38
glibc-2.38.9000

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6780.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    }
]