1662 matches found

Prion
added 2024/01/31 2:15 p.m. | 27 views

Integer overflow

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5 CVSS | 7.4 AI score | 0.04794 EPSS
Exploits 8 | References 9 | Affected Software 2
Cvelist
added 2024/01/31 2:8 p.m. | 33 views

CVE-2023-6780 Glibc: integer overflow in __vsyslog_internal()

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3 CVSS | 7 AI score | 0.02689 EPSS
Exploits 2 | References 9
Vulnrichment
added 2024/01/31 2:8 p.m. | 4 views

CVE-2023-6780 Glibc: integer overflow in __vsyslog_internal()

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3 CVSS | 6.8 AI score | 0.02689 EPSS
Exploits 2 | References 9
Debian CVE
added 2024/01/31 2:8 p.m. | 42 views

CVE-2023-6780

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3 CVSS | 5.8 AI score | 0.02689 EPSS
Exploits 2
RedhatCVE
added 2024/01/31 2:7 p.m. | 57 views

CVE-2023-6780

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3 CVSS | 7.6 AI score | 0.04794 EPSS
Exploits 8 | References 5
CVE
added 2024/01/31 2:7 p.m. | 380 views

CVE-2023-6779

The CVE describes a heap-based off-by-one overflow in glibc’s __vsyslog_internal invoked by syslog/vsyslog when a message exceeds INT_MAX. Affected are glibc 2.37 and newer; exploitation may cause an application crash. Evidence from connected sources indicates a fix in patched glibc releases (e.g...

8.2 CVSS | 7.7 AI score | 0.03127 EPSS
Exploits 2 | References 11 | Affected Software 1
Vulnrichment
added 2024/01/31 2:7 p.m. | 13 views

CVE-2023-6779 Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of t...

8.2 CVSS | 7.6 AI score | 0.03127 EPSS
Exploits 2 | References 10
Debian CVE
added 2024/01/31 2:7 p.m. | 75 views

CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of t...

8.2 CVSS | 7.9 AI score | 0.03127 EPSS
Exploits 2
RedhatCVE
added 2024/01/31 2:7 p.m. | 91 views

CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4 CVSS | 7.6 AI score | 0.04794 EPSS
Exploits 7 | References 5
Vulnrichment
added 2024/01/31 2:6 p.m. | 21 views

CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4 CVSS | 7.2 AI score | 0.04794 EPSS
Exploits 7 | References 12
Cvelist
added 2024/01/31 2:6 p.m. | 20 views

CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4 CVSS | 8.2 AI score | 0.04794 EPSS
Exploits 7 | References 12
The Hacker News
added 2024/01/31 5:44 a.m. | 139 views

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal function, whic...

8.4 CVSS | 7.5 AI score | 0.81422 EPSS
Exploits 35
UbuntuCve
added 2024/01/31 12:0 a.m. | 51 views

CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4 CVSS | 7.1 AI score | 0.04794 EPSS
Exploits 7 | References 3
0day.today
added 2024/01/31 12:0 a.m. | 454 views

glibc syslog() Heap-Based Buffer Overflow Exploit

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal function, which is called by both syslog and vsyslog. This vulnerability was introduced in glibc 2.37 in August 2022. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog...

8.4 CVSS | 7.9 AI score | 0.99295 EPSS
Exploits 87
Packet Storm
added 2024/01/31 12:0 a.m. | 642 views

glibc syslog() Heap-Based Buffer Overflow

Qualys Security Advisory. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog. Contents: Summary, Analysis, Proof of concept, Exploitation...

8.4 CVSS | 7.4 AI score | 0.99295 EPSS
Exploits 89
UbuntuCve
added 2024/01/31 12:0 a.m. | 33 views

CVE-2023-6780

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3 CVSS | 6.8 AI score | 0.02689 EPSS
Exploits 2 | References 3
UbuntuCve
added 2024/01/31 12:0 a.m. | 32 views

CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of t...

8.2 CVSS | 7.1 AI score | 0.03127 EPSS
Exploits 2 | References 3
Qualys Blog
added 2024/01/30 6:31 p.m. | 101 views

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the...

5 CVSS | 7.6 AI score | 0.04794 EPSS
Exploits 10
CNNVD
added 2024/01/26 12:0 a.m. | 4 views

Motorola MR2600 Command Injection Vulnerability

The Motorola MR2600 is a wireless router from Motorola, Inc. A security vulnerability exists in the Motorola MR2600 due to a command injection vulnerability in the "SaveSysLogParams" parameter...

9 CVSS | 7.5 AI score | 0.03537 EPSS
Exploits 0 | References 2
Hacker One
added 2024/01/22 11:31 a.m. | 13 views

GitHub: Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via RCE in syslog-ng

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the syslog-ng configuration file. This vulnerability affected all versions of GitHub Enterprise Server...

8 CVSS | 8.2 AI score | 0.0172 EPSS
Exploits 0