CVE-2023-6780

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 31, 2024
Updated: Mar 26, 2024
CWE ID 131
CWE ID 190

Summary

CVE-2023-6780 is an integer overflow vulnerability affecting the __vsyslog_internal function in the glibc library. This function is utilized by the syslog and vsyslog functions. When these functions process unusually long messages, an incorrect buffer size calculation occurs, resulting in undefined behavior. This issue impacts glibc 2.37 and newer versions. Successful exploitation could lead to arbitrary code execution or denial-of-service attacks. Users are advised to update their glibc libraries to the latest patch level to mitigate this risk.


Affected Products

  • Fedora Operating System

Affected Vendors

  • Fedora Project