AZL-34735

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34735.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-34735

Upstream

CVE-2023-6246

Published

2024-01-31T14:15:48Z

Modified

2026-04-01T05:12:39.093704Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2023-6246 affecting package glibc for versions less than 2.38-6

Details

A heap-based buffer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-6246

Affected packages

Azure Linux:3 / glibc

Package

Name: glibc
Purl: pkg:rpm/azure-linux/glibc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.38-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34735.json"