Heap-Based Buffer Overflow Vulnerability in glibc Library
Key Information
- Vendor: Red Hat
- Status: (not listed)
- Products tracked: Glibc; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
- CVE Published: 31 January 2024
Summary
A heap-based buffer overflow was found in the __vsyslog_internal function of the GNU C Library (glibc), the internal routine behind syslog() and vsyslog(). The issue, tracked as CVE-2023-6246, can be exploited by an unprivileged local user for privilege escalation to root: the overflow is reached when a program calls syslog() without having called openlog() and its program name (argv[0]) is longer than the 1024-byte scratch buffer the function tries first, so any set-user-ID binary that logs with syslog() (Qualys demonstrated the attack against su) becomes the attack surface. The bug was introduced by a commit made in August 2022 that shipped in glibc 2.37 (and was backported to 2.36) and is fixed in glibc 2.39; Qualys confirmed exploitability on default installations of Debian, Ubuntu, and Fedora. Qualys reported further issues in the same research (CVE-2023-6779 and CVE-2023-6780, also in __vsyslog_internal, and a memory-corruption issue in qsort()), but CVE-2023-6246 is considered the most concerning. Organizations are advised to apply the vendor glibc update promptly, since no workaround short of patching removes the overflow.
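How the overflow arises, as an added illustration that is not part of this page or of glibc's source: the model below reimplements only the size-accounting step of __vsyslog_internal() as described in the Qualys advisory (a 1024-byte stack buffer is tried first, the message body is measured only when the header fits that buffer, and the malloc() fallback is sized from a counter that the long-header path never updates) next to the sizing a fixed build performs. The simplified header format, the function names plan_vulnerable, plan_fixed and overflow_bytes, and the 1100-byte program name are constructed for the example; the code only computes sizes and never writes past a buffer.

```c
#include <stdio.h>
#include <string.h>

/* Size of the on-stack scratch buffer (bufs[1024]) that __vsyslog_internal()
 * tries before falling back to malloc().                                   */
#define STATIC_BUF_SIZE 1024

struct alloc_plan {
    size_t needed;     /* bytes the formatter will write: header + body + NUL */
    size_t allocated;  /* bytes available at the write: the stack buffer or the malloc size */
};

/* Simplified syslog header "<pri>ident: " (constructed for this example).
 * The real header also carries a timestamp and an optional "[pid]"; they
 * only make the header longer and do not change the sizing logic.          */
static int header_len(int pri, const char *ident)
{
    return snprintf(NULL, 0, "<%d>%s: ", pri, ident);
}

/* Vulnerable sizing, modelled on glibc 2.37/2.38 as described by Qualys:
 * the body is measured only inside the "header fits bufs" branch, so a
 * header of 1024 bytes or more (argv[0] longer than that, openlog() never
 * called) leaves bufsize at its initial 0, and the fallback allocates
 * bufsize + 1 == 1 byte for a write of header + body + NUL bytes.          */
struct alloc_plan plan_vulnerable(int pri, const char *ident, const char *body)
{
    struct alloc_plan p;
    int l = header_len(pri, ident);
    int bufsize = 0;                       /* only updated when the header fits */

    p.needed = (size_t)l + strlen(body) + 1;
    if (l >= 0 && l < STATIC_BUF_SIZE) {
        int vl = (int)strlen(body);
        bufsize = l + vl;
        if (vl < STATIC_BUF_SIZE - l) {    /* whole message fits the stack buffer */
            p.allocated = STATIC_BUF_SIZE;
            return p;
        }
    }
    p.allocated = (size_t)bufsize + 1;     /* 1 byte when the header alone overflowed bufs */
    return p;
}

/* Fixed sizing: measure header and body unconditionally, then use the
 * stack buffer or a malloc() large enough for the whole message.            */
struct alloc_plan plan_fixed(int pri, const char *ident, const char *body)
{
    struct alloc_plan p;
    int l = header_len(pri, ident);

    p.needed = (size_t)l + strlen(body) + 1;
    p.allocated = p.needed <= STATIC_BUF_SIZE ? STATIC_BUF_SIZE : p.needed;
    return p;
}

/* Bytes the formatter would write past the allocation (0 = safe). */
size_t overflow_bytes(struct alloc_plan p)
{
    return p.needed > p.allocated ? p.needed - p.allocated : 0;
}

static void report(const char *ident, const char *body)
{
    struct alloc_plan v = plan_vulnerable(13, ident, body);
    struct alloc_plan f = plan_fixed(13, ident, body);
    printf("ident %4zu bytes: vulnerable alloc %4zu for %4zu needed (overflow %zu); "
           "fixed alloc %4zu (overflow %zu)\n",
           strlen(ident), v.allocated, v.needed, overflow_bytes(v),
           f.allocated, overflow_bytes(f));
}

int main(void)
{
    /* Constructed inputs: "su" is a normal program name, long_ident stands in
     * for an argv[0] of 1100 bytes chosen by the local attacker.             */
    char long_ident[1101];
    memset(long_ident, 'A', 1100);
    long_ident[1100] = '\0';

    report("su", "authentication failure");
    report(long_ident, "authentication failure");
    return 0;
}
```

Running the model shows the two paths side by side: with an ordinary program name both variants use the 1024-byte stack buffer, while with the 1100-byte name the vulnerable sizing hands a 1-byte heap chunk to a write of over 1100 bytes, which is the heap overflow the advisory describes. A practical consequence for reviewers is that a binary is not protected by calling syslog() with short messages; the attacker controls argv[0], and only a patched glibc (or an explicit openlog() with a fixed ident, which is not a complete mitigation for the other reported issues) changes the header length.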
Affected Version(s)
glibc 2.37 and 2.38, plus 2.36 builds that carry the backported syslog change; fixed in glibc 2.39. Distribution packages of older upstream versions that backported the same change can also be vulnerable, so check the vendor advisory for the products listed above rather than relying on the upstream version number alone.
News Articles
- CVE-2023-6246 Archives (7 months ago): all posts tagged "CVE-2023-6246". Security Architecture: "GNU C Library Vulnerability Leads to Full Root Access". Researchers at Qualys call attention to a vulnerability in Linux's GNU C Library...
- Tag: CVE-2023-6246 | Qualys Security Blog (8 months ago): Join the discussion today! Learn more about Qualys and industry best practices. Share what you know and build a reputation. Secure your systems and improve...
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline (most recent first)
- 👾 Exploit exists.
- Risk change from 7.8 to 8.4 (HIGH).
- Vulnerability started trending.
- Vulnerability published.
- First article discovered by Security Affairs.
- Vulnerability reserved.
- Reported to Red Hat.