How severe is CVE-2023-6780?

CVE-2023-6780 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-6780

Name: fedora
Author: fedoraproject

5.3MEDIUM

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called wi

公開日: 1/31/2024更新日: 2/7/2025

説明

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

AI分析AIによる分析

影響を受ける製品

gnuglibc

fedoraprojectfedora

参照

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3
ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
Mailing List
https://security.gentoo.org/glsa/202402-01
Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/01/30/6
ExploitMailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
Third Party Advisory
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3
ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
Mailing List
https://security.gentoo.org/glsa/202402-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250207-0010/
https://www.openwall.com/lists/oss-security/2024/01/30/6
ExploitMailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
Third Party Advisory