Lucene search

K
nvd[email protected]NVD:CVE-2023-6779
HistoryJan 31, 2024 - 2:15 p.m.

CVE-2023-6779

2024-01-3114:15:48
CWE-787
CWE-122
web.nvd.nist.gov
6
cve-2023-6779
glibc
buffer overflow

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

50.2%

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Affected configurations

Nvd
Node
gnuglibcRange2.37–2.39
Node
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

50.2%