Skip to main content

GNU glibc CVE-2023-6779

HIGH
Heap-based Buffer Overflow (CWE-122)
2024-01-31 secalert@redhat.com
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

DescriptionCVE.org

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

AnalysisAI

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Technical ContextAI

The vulnerability resides in __vsyslog_internal, a core internal helper inside the GNU C Library that backs the POSIX syslog() and vsyslog() interfaces used by virtually every Linux userspace process for logging. The root cause is CWE-122 (heap-based buffer overflow), specifically an off-by-one error in size calculation: when a log message larger than INT_MAX bytes is passed in, integer arithmetic produces an incorrect buffer length, causing a one-byte heap overrun when the message is written. Affected CPEs explicitly include gnu:glibc (all matching versions 2.37+), and Fedora 38 and Fedora 39, both of which ship glibc 2.37/2.38 in their base distributions. Because glibc is foundational, the bug surfaces in any application that forwards externally influenced strings into syslog without length capping.

RemediationAI

Upgrade affected systems to a glibc version containing the upstream fix in __vsyslog_internal - Patch available per vendor advisory, with downstream packages distributed via Fedora's bodhi updates for Fedora 38 and 39 and Red Hat errata tracked under the secalert@redhat.com reporter channel; consult your distribution's security tracker for the exact patched glibc package version applicable to your release. As a compensating control where prompt patching is not possible, audit applications that pass untrusted input directly to syslog()/vsyslog() and enforce a strict message length cap well below INT_MAX (e.g., truncate to a few kilobytes before logging), which has the side effect of losing very long log lines but eliminates the trigger; additionally, restricting which network-exposed services can reach syslog with attacker-controlled data (via input validation at the application boundary or WAF rules) reduces exposure at the cost of additional rule maintenance.

More in Glibc

View all
CVE-2015-0235 CRITICAL POC
10.0 Jan 28

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,

CVE-2015-7547 HIGH POC
8.1 Feb 18

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C

CVE-2023-6246 HIGH POC
8.4 Jan 31

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, r

CVE-2014-5119 HIGH POC
7.5 Aug 29

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-depe

CVE-2012-4412 HIGH POC
7.5 Oct 09

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-depende

CVE-2018-1000001 HIGH POC
7.8 Jan 31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th

CVE-2023-25139 CRITICAL POC
9.8 Feb 03

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct

CVE-2021-33574 CRITICAL POC
9.8 May 25

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical seve

CVE-2019-1010022 CRITICAL POC
9.8 Jul 15

GNU Libc current is affected by: Mitigation bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2019-9169 CRITICAL POC
9.8 Feb 26

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer ove

CVE-2017-1000366 HIGH POC
7.8 Jun 19

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin

CVE-2014-9402 HIGH POC
7.8 Feb 24

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Se

Share

CVE-2023-6779 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy