Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-39046
HistoryAug 31, 2022 - 12:00 a.m.

CVE-2022-39046

2022-08-3100:00:00
ubuntu.com
ubuntu.com
33
gnu c library vulnerability
syslog function
uninitialized memory

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.7%

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog
function is passed a crafted input string larger than 1024 bytes, it reads
uninitialized memory from the heap and prints it to the target log file,
potentially revealing a portion of the contents of the heap.

Bugs

Notes

Author Note
mdeslaur this was introduced in 2.36

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.7%