CVE-2023-6779

Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 6/13/2025 Reserved: 12/13/2023

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	8.2	High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Opam packages affected (1)

gettext-stub

Products affected (7)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	Qualcomm Video Collaboration VC3 Platform
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	n/a
Fedora	Fedora	SM7675
Red Hat Enterprise Linux 8	Red Hat	SA8195P
Red Hat Enterprise Linux 9	Red Hat	SDX65M
glibc	n/a	<= 1.1

References (20)

Credits (1)

Red Hat would like to thank Qualys Threat Research Unit for reporting this issue.