« List of all CVEs

CVE-2023-6779

Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 5/12/2026 Reserved: 12/13/2023

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 8.2 High CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Opam packages affected (1)

gettext-stub

Products affected (16)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat All versions
Red Hat Enterprise Linux 7 Red Hat Windows Server 2008 for 32-bit Systems Service Pack 2
Red Hat Enterprise Linux 6 Red Hat < *
Red Hat Enterprise Linux 6 Red Hat < 60.2.1
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Fedora Fedora n/a
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat Windows 10 Version 1511 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat Windows 10 Version 1703 for x64-based Systems
Red Hat Enterprise Linux 8 Red Hat Windows 10 Version 1607 for 32-bit Systems
Fedora Fedora Windows 10 Version 1709 for x64-based Systems
Red Hat Enterprise Linux 6 Red Hat < *
Red Hat Enterprise Linux 7 Red Hat n/a
glibc n/a n/a
glibc n/a < *

References (42)

Credits (2)