Untriaged
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
Affected products
glibc
- ==2.39
compat-glibc
Matching in nixpkgs
pkgs.mtrace
Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibc_multi
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibcLocales
Locale information for the GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibc_memusage
GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.glibcLocalesUtf8
Locale information for the GNU C Library
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.getent
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.locale
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
pkgs.unixtools.getconf
None
-
nixos-unstable -
- nixpkgs-unstable 2.40-66
Package maintainers
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>