Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-6246

Опубликовано: 31 янв. 2024
Источник: nvd
CVSS3: 8.4
CVSS3: 7.8
EPSS Средний

Описание

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Версия от 2.36 (включая) до 2.39 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 96%
0.24316
Средний

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-6246

CVSS3: 8.4
ubuntu
около 2 лет назад

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

redhat логотип

CVE-2023-6246

CVSS3: 8.4
redhat
около 2 лет назад

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

msrc логотип

CVE-2023-6246

CVSS3: 7.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-6246

CVSS3: 8.4
debian
около 2 лет назад

A heap-based buffer overflow was found in the __vsyslog_internal funct ...

github логотип

GHSA-p6rw-gvvh-q8v4

CVSS3: 8.4
github
около 2 лет назад

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

EPSS

Процентиль: 96%
0.24316
Средний

8.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-122
CWE-787