Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-39046

Опубликовано: 31 авг. 2022
Источник: debian
EPSS Низкий

Описание

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcnot-affectedpackage

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=29536

  • https://sourceware.org/pipermail/libc-alpha/2022-August/141707.html

  • Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36)

  • Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1

EPSS

Процентиль: 68%
0.00574
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-39046

CVSS3: 7.5
ubuntu
больше 3 лет назад

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

redhat логотип

CVE-2022-39046

CVSS3: 5.3
redhat
больше 3 лет назад

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

nvd логотип

CVE-2022-39046

CVSS3: 7.5
nvd
больше 3 лет назад

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

github логотип

GHSA-f6rj-qrpf-jc34

CVSS3: 5.3
github
больше 3 лет назад

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

fstec логотип

BDU:2022-05480

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость функции syslog() системной библиотеки glibc, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 68%
0.00574
Низкий