How severe is CVE-2023-6780?

CVE-2023-6780 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-6780

Name: fedora
Author: fedoraproject

5.3MEDIUM

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called wi

发布于: 1/31/2024更新于: 2/7/2025

描述

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

AI分析AI驱动

受影响产品

gnuglibc

fedoraprojectfedora

参考资料

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3
ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
Mailing List
https://security.gentoo.org/glsa/202402-01
Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/01/30/6
ExploitMailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
Third Party Advisory
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3
ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/
Mailing List
https://security.gentoo.org/glsa/202402-01
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250207-0010/
https://www.openwall.com/lists/oss-security/2024/01/30/6
ExploitMailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
Third Party Advisory