We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-6246

Glibc: heap-based buffer overflow in __vsyslog_internal()



Assignerredhat
Reserved2023-11-21
Published2024-01-31
Updated2024-10-17

Description

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.



HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

2.39
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Timeline

2023-11-06:Reported to Red Hat.
2024-01-30:Made public.

Credits

Red Hat would like to thank Qualys Threat Research Unit for reporting this issue.

References

http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2024/Feb/3

http://seclists.org/fulldisclosure/2024/Feb/5

https://access.redhat.com/security/cve/CVE-2023-6246 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2249053 (RHBZ#2249053) issue-tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/

https://security.gentoo.org/glsa/202402-01

https://www.openwall.com/lists/oss-security/2024/01/30/6

https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

https://security.netapp.com/advisory/ntap-20240216-0007/

cve.org CVE-2023-6246

nvd.nist.gov CVE-2023-6246

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.