CVE-2023-6780 — MEDIUM (5.3)

Q: How severe is CVE-2023-6780?

CVE-2023-6780 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-6780?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Fedoraproject Fedora.

Vulnerability Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Gnu	Glibc	>= 2.37, < 2.39
Fedoraproject	Fedora	38

Related Weaknesses (CWE)

CWE-131 CWE-190

References

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-OverfExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396Issue Tracking
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://security.gentoo.org/glsa/202402-01Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/01/30/6ExploitMailing List
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txtThird Party Advisory
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-OverfExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2024/Feb/3ExploitMailing ListThird Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6780Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254396Issue Tracking
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]Mailing List

FAQ

What is CVE-2023-6780?

CVE-2023-6780 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called wi...

How severe is CVE-2023-6780?

CVE-2023-6780 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6780?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Fedoraproject Fedora.