CVE-2023-6246

Exploit

EPSS 25.08%
Published 31.01.2024 14:15:48
Last modified 21.11.2024 08:43:27
Source secalert@redhat.com
Teams watchlist Login
Open Login

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Affected products Warnungen 0 Metrics 3 CWE 2 References 15

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.36 < 2.39

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.08%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2024/Feb/3

Third Party Advisory

Exploit

https://security.gentoo.org/glsa/202402-01

Third Party Advisory

http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html