CVE-2023-6780

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-6780
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6780.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6780
Related
Published
2024-01-31T14:15:48Z
Modified
2025-04-18T10:56:54.609565Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

An integer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

References

Affected packages

Debian:12 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36-9+deb12u4

Affected versions

2.*

2.36-9
2.36-9+deb12u1
2.36-9+deb12u2
2.36-9+deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.37-15

Affected versions

2.*

2.36-9
2.36-9+loong64
2.36-10~0
2.37-1
2.37-2
2.37-3
2.37-4
2.37-5
2.37-6
2.37-7
2.37-8
2.37-9
2.37-10
2.37-11
2.37-12
2.37-13
2.37-14
2.37-15~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bminor/glibc

Affected ranges

Type
GIT
Repo
https://github.com/bminor/glibc
Events

Affected versions

glibc-2.*

glibc-2.37
glibc-2.37.9000
glibc-2.38
glibc-2.38.9000