Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
CVE-2023-6779
What is CVE-2023-6779?
An off-by-one heap-based buffer overflow was identified in the __vsyslog_internal function of the glibc library. When the syslog and vsyslog functions are called with a message larger than INT_MAX bytes, the size of the buffer allocated for the message is calculated incorrectly. This flaw may cause application crashes and can potentially be exploited if the affected functions are manipulated. The vulnerability impacts glibc versions 2.37 and newer and requires immediate attention from system administrators and software developers who use this library.

Affected Version(s)
glibc 2.39
Timeline
- First article discovered by Qualys Security Blog
- Vulnerability published
- Vulnerability Reserved