Untriaged
Permalink
CVE-2023-6779
8.2 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
References
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://security.netapp.com/advisory/ntap-20240223-0006/
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://security.netapp.com/advisory/ntap-20240223-0006/
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over… x_transferred
- http://seclists.org/fulldisclosure/2024/Feb/3 x_transferred
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2254395 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://security.gentoo.org/glsa/202402-01 x_transferred
- https://www.openwall.com/lists/oss-security/2024/01/30/6 x_transferred
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt x_transferred
- https://security.netapp.com/advisory/ntap-20240223-0006/ x_transferred
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://security.netapp.com/advisory/ntap-20240223-0006/
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over… x_transferred
- http://seclists.org/fulldisclosure/2024/Feb/3 x_transferred
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2254395 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://security.gentoo.org/glsa/202402-01 x_transferred
- https://www.openwall.com/lists/oss-security/2024/01/30/6 x_transferred
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt x_transferred
- https://security.netapp.com/advisory/ntap-20240223-0006/ x_transferred
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over…
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry
- RHBZ#2254395 issue-tracking x_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://security.gentoo.org/glsa/202402-01
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://security.netapp.com/advisory/ntap-20240223-0006/
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Over… x_transferred
- http://seclists.org/fulldisclosure/2024/Feb/3 x_transferred
- https://access.redhat.com/security/cve/CVE-2023-6779 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2254395 issue-tracking x_refsource_REDHAT x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
- https://security.gentoo.org/glsa/202402-01 x_transferred
- https://www.openwall.com/lists/oss-security/2024/01/30/6 x_transferred
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt x_transferred
- https://security.netapp.com/advisory/ntap-20240223-0006/ x_transferred
Affected products
glibc
- ==2.39
compat-glibc
Matching in nixpkgs
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibc_multi
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibcLocales
Locale information for the GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibc_memusage
GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.getent
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.locale
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.getconf
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
Package maintainers
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>