CVE-2023-6779

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-6779
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6779.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-6779
Related
Published
2024-01-31T14:15:48Z
Modified
2024-10-12T11:17:39.170205Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An off-by-one heap-based buffer overflow was found in the _vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

References

Affected packages

Debian:12 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36-9+deb12u4

Affected versions

2.*

2.36-9
2.36-9+deb12u1
2.36-9+deb12u2
2.36-9+deb12u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glibc

Package

Name
glibc
Purl
pkg:deb/debian/glibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.37-15

Affected versions

2.*

2.36-9
2.36-9+loong64
2.36-10~0
2.37-1
2.37-2
2.37-3
2.37-4
2.37-5
2.37-6
2.37-7
2.37-8
2.37-9
2.37-10
2.37-11
2.37-12
2.37-13
2.37-14
2.37-15~deb13u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / sourceware.org/git/glibc.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/glibc.git
Events
Introduced
a704fd9a133bfb10510e18702f48a6a9c88dbbd5
Fixed
ef321e23c20eebc6d6fb4044425c00e6df27b05f

Affected versions

glibc-2.*

glibc-2.37
glibc-2.37.9000
glibc-2.38
glibc-2.38.9000