CVE-2023-6780
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jan 31, 2024
Updated: Mar 26, 2024
CWE ID 131
CWE ID 190
Summary
CVE-2023-6780 is an integer overflow vulnerability affecting the __vsyslog_internal function in the glibc library. This function is utilized by the syslog and vsyslog functions. When these functions process unusually long messages, an incorrect buffer size calculation occurs, resulting in undefined behavior. This issue impacts glibc 2.37 and newer versions. Successful exploitation could lead to arbitrary code execution or denial-of-service attacks. Users are advised to update their glibc libraries to the latest patch level to mitigate this risk.
Affected Products
- Fedora Operating System
Affected Vendors
- Fedora Project