CVE-2023-6779
EUVD-2023-58991
31.01.2024, 14:15
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library, which is called by the syslog and vsyslog functions. The issue occurs when these functions are called with a message larger than INT_MAX bytes: the size of the buffer needed to store the message is then calculated incorrectly, and the resulting out-of-bounds write crashes the application. This issue affects glibc 2.37 and 2.38; it is fixed in 2.39 (see Affected Products below).
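The failure mode named above, an snprintf-family return value folded into a buffer-size calculation without a check for failure, can be shown without building a 2 GiB message. The C program below is an added example written for this page; it is a simplified model of the stack-buffer-then-heap-fallback pattern, not glibc's __vsyslog_internal source, and its names (plan_record_vuln, format_record_fixed, the msg_fmt_fn hook, STACK_BUF) are this example's own assumptions. The hook lets a stand-in formatter fail the way vsnprintf does for output longer than INT_MAX (return -1, errno = EOVERFLOW), so the arithmetic that leaves the allocation one byte short becomes visible, and the hardened variant shows the check that prevents it.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not glibc code. Formatter hook so a caller can substitute
 * a stand-in that fails the way vsnprintf does when the result would exceed
 * INT_MAX: it returns -1 and sets errno to EOVERFLOW. */
typedef int (*msg_fmt_fn)(char *dst, size_t cap, const char *fmt, va_list ap);

static int fmt_real(char *dst, size_t cap, const char *fmt, va_list ap)
{
    return vsnprintf(dst, cap, fmt, ap);
}

static int fmt_over_int_max(char *dst, size_t cap, const char *fmt, va_list ap)
{
    (void)dst; (void)cap; (void)fmt; (void)ap;
    errno = EOVERFLOW;                 /* what vsnprintf reports for > INT_MAX */
    return -1;
}

#define STACK_BUF 32  /* assumed stand-in for the 1024-byte on-stack buffer */

struct size_plan {
    size_t alloc_bytes;   /* what the heap fallback would pass to malloc() */
    size_t header_bytes;  /* bytes the header alone occupies, incl. NUL */
};

/* Vulnerable shape: header into a stack buffer, message formatter's return
 * value folded into the running size, heap fallback sized from that number.
 * A -1 from the formatter leaves the size one byte short of even the header.
 * Only the sizes are computed here; nothing is written to the heap. */
static struct size_plan plan_record_vuln(msg_fmt_fn f, const char *tag,
                                         const char *fmt, ...)
{
    char bufs[STACK_BUF];
    int l = snprintf(bufs, sizeof bufs, "<13>%s: ", tag);
    int vl = 0;
    va_list ap;
    va_start(ap, fmt);
    if (0 <= l && (size_t)l < sizeof bufs)
        vl = f(bufs + l, sizeof bufs - (size_t)l, fmt, ap);
    va_end(ap);
    size_t bufsize = (size_t)(l + vl);      /* BUG: vl == -1 is never checked */
    struct size_plan p = { bufsize + 1, (size_t)l + 1 };
    return p;
}

/* Hardened version: every snprintf-family return value is checked before it
 * feeds a size computation. Returns a malloc()ed record the caller frees,
 * or NULL with errno set when formatting failed. */
static char *format_record_fixed(msg_fmt_fn f, const char *tag,
                                 const char *fmt, ...)
{
    char bufs[STACK_BUF];
    int l = snprintf(bufs, sizeof bufs, "<13>%s: ", tag);
    if (l < 0)
        return NULL;                        /* header formatting failed */
    va_list ap, apc;
    va_start(ap, fmt);
    va_copy(apc, ap);
    int vl;
    if ((size_t)l < sizeof bufs)
        vl = f(bufs + l, sizeof bufs - (size_t)l, fmt, apc);
    else
        vl = f(NULL, 0, fmt, apc);          /* header alone overflowed: only measure */
    va_end(apc);
    if (vl < 0 || vl > INT_MAX - l) {       /* failed, or l + vl would not fit an int */
        if (vl >= 0)
            errno = EOVERFLOW;
        va_end(ap);
        return NULL;
    }
    size_t need = (size_t)l + (size_t)vl + 1;   /* header + message + NUL */
    char *out = malloc(need);
    if (out != NULL) {
        if (need <= sizeof bufs)
            memcpy(out, bufs, need);        /* already fully formatted on the stack */
        else {
            snprintf(out, need, "<13>%s: ", tag);   /* need > l: never truncated */
            f(out + l, need - (size_t)l, fmt, ap);  /* exactly vl chars + NUL fit */
        }
    }
    va_end(ap);
    return out;
}

int main(void)
{
    struct size_plan p = plan_record_vuln(fmt_over_int_max, "app", "%s", "x");
    printf("vulnerable: malloc(%zu) for a header needing %zu bytes\n",
           p.alloc_bytes, p.header_bytes);
    char *rec = format_record_fixed(fmt_over_int_max, "app", "%s", "x");
    printf("fixed: %s (errno=%d)\n", rec ? rec : "rejected", errno);
    free(rec);
    return 0;
}
```

plan_record_vuln only computes the sizes it would allocate and never writes to the heap, so the off-by-one shows up as alloc_bytes being one less than header_bytes rather than as memory corruption. format_record_fixed refuses the failing formatter (and a header-plus-message total that would not fit an int) before any size is derived, and otherwise returns a complete record via either the stack fast path or the heap fallback.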
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | glibc | 2.37 ≤ 𝑥 < 2.39 |
𝑥 = vulnerable software version
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
* = no fixed version recorded
openSUSE / SLES Releases
Packages tracked for this CVE:
- glibc
- glibc-32bit
- glibc-devel
- glibc-devel-32bit
- glibc-devel-static
- glibc-extra
- glibc-i18ndata
- glibc-info
- glibc-lang
- glibc-locale
- glibc-locale-base
- glibc-locale-base-32bit
- glibc-profile
- glibc-utils
- libnsl1
- libnsl1-32bit
- nscd
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer Overflow: A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds Write: The software writes data past the end, or before the beginning, of the intended buffer.