CVE-2023-6780

Glibc: integer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 6/17/2025 Reserved: 12/13/2023

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.3	Medium	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

gettext-stub

Products affected (8)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	>=13.0, <13.0.1
Red Hat Enterprise Linux 7	Red Hat	<= 4.30.7M
Red Hat Enterprise Linux 8	Red Hat	<= 4.28.11M
Red Hat Enterprise Linux 9	Red Hat	n/a
Fedora	Fedora	<= 4.24.11M
Red Hat Enterprise Linux 6	Red Hat	3.0.1.1
glibc	n/a	Versions earlier than 10.1.0.160(C786E160R3P8)

References (19)

Credits (1)

Red Hat would like to thank Qualys Threat Research Unit for reporting this issue.