Medium severity5.3NVD Advisory· Published Jan 31, 2024· Updated May 12, 2026
CVE-2023-6780
CVE-2023-6780
Description
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
Affected products
5- Red Hat/Red Hat Enterprise Linux 6v5cpe:/o:redhat:enterprise_linux:6
- Red Hat/Red Hat Enterprise Linux 7v5cpe:/o:redhat:enterprise_linux:7
- Red Hat/Red Hat Enterprise Linux 8v5cpe:/o:redhat:enterprise_linux:8
- Red Hat/Red Hat Enterprise Linux 9v5cpe:/o:redhat:enterprise_linux:9
- Fedora/Fedorav5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2024/Feb/3nvdExploitMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2024/01/30/6nvdExploitMailing List
- access.redhat.com/security/cve/CVE-2023-6780nvdThird Party Advisory
- security.gentoo.org/glsa/202402-01nvdThird Party Advisory
- www.qualys.com/2024/01/30/cve-2023-6246/syslog.txtnvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/nvdMailing List
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/nvdMailing List
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- security.netapp.com/advisory/ntap-20250207-0010/nvd
News mentions
0No linked articles in our index yet.