1662 matches found
Integer overflow
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6780 Glibc: integer overflow in __vsyslog_internal()
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6780 Glibc: integer overflow in __vsyslog_internal()
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6780
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6780
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6779
The CVE describes a heap-based off-by-one overflow in glibc’s __vsyslog_internal invoked by syslog/vsyslog when a message exceeds INT_MAX. Affected are glibc 2.37 and newer; exploitation may cause an application crash. Evidence from connected sources indicates a fix in patched glibc releases (e.g...
CVE-2023-6779 Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...
CVE-2023-6779
An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...
CVE-2023-6246
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library aka glibc. Tracked as CVE-2023-6246 CVSS score: 7.8, the heap-based buffer overflow vulnerability is rooted in glibc's vsysloginternal function, whic...
CVE-2023-6246
A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...
glibc syslog() Heap-Based Buffer Overflow Exploit
Qualys discovered a heap-based buffer overflow in the GNU C Library's vsysloginternal function, which is called by both syslog and vsyslog. This vulnerability was introduced in glibc 2.37 in August 2022. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog...
glibc syslog() Heap-Based Buffer Overflow
Qualys Security Advisory CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept Exploitation...
CVE-2023-6780
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
CVE-2023-6779
An off-by-one heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INTMAX bytes, leading to an incorrect calculation of t...
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
The Qualys Threat Research Unit TRU has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the...
Motorola MR2600 Command Injection Vulnerability
The Motorola MR2600 is a wireless router from Motorola, Inc. A security vulnerability exists in the Motorola MR2600 due to a command injection vulnerability in the "SaveSysLogParams" parameter...
GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. This vulnerability affected all versions of GitHub Enterprise Server...