High severity8.2NVD Advisory· Published Jan 31, 2024· Updated May 12, 2026
CVE-2023-6779
CVE-2023-6779
Description
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
Affected products
5- Red Hat/Red Hat Enterprise Linux 6v5cpe:/o:redhat:enterprise_linux:6
- Red Hat/Red Hat Enterprise Linux 7v5cpe:/o:redhat:enterprise_linux:7
- Red Hat/Red Hat Enterprise Linux 8v5cpe:/o:redhat:enterprise_linux:8
- Red Hat/Red Hat Enterprise Linux 9v5cpe:/o:redhat:enterprise_linux:9
- Fedora/Fedorav5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2024/Feb/3nvdExploitMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2024/01/30/6nvdExploitMailing List
- access.redhat.com/security/cve/CVE-2023-6779nvdThird Party Advisory
- security.gentoo.org/glsa/202402-01nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20240223-0006/nvdThird Party Advisory
- www.qualys.com/2024/01/30/cve-2023-6246/syslog.txtnvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/nvdMailing List
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
News mentions
0No linked articles in our index yet.