Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-6779

Опубликовано: 31 янв. 2024
Источник: nvd
CVSS3: 8.2
CVSS3: 7.5
EPSS Низкий

Описание

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Версия от 2.37 (включая) до 2.39 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 69%
0.00608
Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-6779

CVSS3: 8.2
ubuntu
около 2 лет назад

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

redhat логотип

CVE-2023-6779

CVSS3: 8.2
redhat
около 2 лет назад

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

msrc логотип

CVE-2023-6779

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-6779

CVSS3: 8.2
debian
около 2 лет назад

An off-by-one heap-based buffer overflow was found in the __vsyslog_in ...

github логотип

GHSA-p5vr-h433-qhqr

CVSS3: 8.2
github
около 2 лет назад

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

EPSS

Процентиль: 69%
0.00608
Низкий

8.2 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122
CWE-787