Home > Vulnerability Database > CVE-2023-6779

Mend.io Vulnerability Database

CVE-2023-6779

Good to know:

Date: January 31, 2024

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Language: C

Severity Score

8.2

Related Resources (12)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2254395

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6779

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/

Url: http://seclists.org/fulldisclosure/2024/Feb/3

Url: https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

Url: https://www.openwall.com/lists/oss-security/2024/01/30/6

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/

Url: https://access.redhat.com/security/cve/CVE-2023-6779

Url: https://security.gentoo.org/glsa/202402-01

Url: http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Url: https://security.netapp.com/advisory/ntap-20240223-0006/

Url: https://www.mend.io/vulnerability-database/CVE-2023-6779

Severity Score

8.2

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version cross-localedef-native - 2.31+gitAUTOINC+1094741224_cd9f958c4c;cross-localedef-native - 2.31+gitAUTOINC+3ef8be9b89_cd9f958c4c;cross-localedef-native - 2.31;cross-localedef-native - no_fix;glibc-testsuite - no_fix;glibc-testsuite - 2.31;glibc - no_fix;glibc-initial - 2.25

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6779

Good to know:

Date: January 31, 2024

Language: C

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?