« List of all CVEs

CVE-2023-6780

Glibc: integer overflow in __vsyslog_internal()

Published: 1/31/2024 Last updated: 5/12/2026 Reserved: 12/13/2023

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

gettext-stub

Products affected (16)

Product Vendor Version
Red Hat Enterprise Linux 7 Red Hat 12.4(2)XA1
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat 12.4(2)XB12
Red Hat Enterprise Linux 6 Red Hat All Android releases from CAF using the Linux kernel
Red Hat Enterprise Linux 8 Red Hat 12.3(14)YM8
Red Hat Enterprise Linux 9 Red Hat 12.3(14)YM12
Fedora Fedora 12.3(14)YM4
Red Hat Enterprise Linux 6 Red Hat 6.4.65 and prior
Red Hat Enterprise Linux 7 Red Hat < 23.1
Red Hat Enterprise Linux 9 Red Hat 7u161
Red Hat Enterprise Linux 8 Red Hat Java SE: 6u171
Fedora Fedora Cisco NX-OS unknown
Red Hat Enterprise Linux 6 Red Hat 12.4(2)XA
Red Hat Enterprise Linux 7 Red Hat 12.4(2)XA2
glibc n/a n/a
glibc n/a 12.4(2)XB5

References (40)

Credits (2)