CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
55.7%
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Vendor | Product | Version | CPE |
---|---|---|---|
gnu | glibc | 2.36 | cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:* |
netapp | h300s | - | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
netapp | h300s_firmware | - | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
netapp | h500s | - | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
netapp | h500s_firmware | - | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
netapp | h700s | - | cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
netapp | h700s_firmware | - | cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
netapp | h410s | - | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* |
netapp | h410s_firmware | - | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* |
netapp | h410c | - | cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* |
packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
seclists.org/fulldisclosure/2024/Feb/3
www.openwall.com/lists/oss-security/2024/01/30/6
www.openwall.com/lists/oss-security/2024/01/30/8
security.gentoo.org/glsa/202310-03
security.netapp.com/advisory/ntap-20221104-0002/
sourceware.org/bugzilla/show_bug.cgi?id=29536
More