« List of all CVEs

CVE-2023-6780

Glibc: integer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 6/17/2025 Reserved: 12/13/2023

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

gettext-stub

Products affected (12)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat <= 8.14.0
Red Hat Enterprise Linux 6 Red Hat < 7a80f71601af015856a0aeb1e3c294037ac3dd32
Red Hat Enterprise Linux 7 Red Hat 3.12
Red Hat Enterprise Linux 9 Red Hat < fad92b11047a748c996ebd6cfb164a63814eeb2e
Fedora Fedora < 3.12
Red Hat Enterprise Linux 6 Red Hat 8.0.0.64
Red Hat Enterprise Linux 7 Red Hat 39db562b3fedb93978a7e42dd216b306740959f8
Red Hat Enterprise Linux 9 Red Hat 8.0.0.64
Fedora Fedora <= 8.13.0
Red Hat Enterprise Linux 6 Red Hat < c39cf4df19acf0133fa284a8cd83fad42cd13cc2
Red Hat Enterprise Linux 7 Red Hat < b2ef1f5de40342de44fc5355321595f91774dab5
glibc n/a < 3db4404435397a345431b45f57876a3df133f3b4

References (38)

Credits (2)