« List of all CVEs

CVE-2023-6246

Glibc: heap-based buffer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 5/12/2026 Reserved: 11/21/2023

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 8.4 High CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (1)

gettext-stub

Products affected (16)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat Dell 2335dn Firmware and Dell 2355DN Firmware Version V2.70.45.34, A10 and Version V2.70.06.26, A13
Red Hat Enterprise Linux 7 Red Hat Windows 10 Version 1803 for 32-bit Systems
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat Windows 10 Version 1703 for x64-based Systems
Red Hat Enterprise Linux 8 Red Hat v1.4.x
Red Hat Enterprise Linux 9 Red Hat v1.5.x
Fedora Fedora v1.6.x
Red Hat Enterprise Linux 6 Red Hat Windows 10 Version 1709 for 32-bit Systems
Red Hat Enterprise Linux 7 Red Hat Windows 10 Version 1803 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat ChakraCore
Fedora Fedora All versions < V8.01
Red Hat Enterprise Linux 6 Red Hat 1.0.3
Red Hat Enterprise Linux 7 Red Hat v1.3.x
glibc n/a Windows 10 Version 1703 for 32-bit Systems
glibc n/a 5.7.11 and earlier

References (50)

Credits (2)