Home > Vulnerability Database > CVE-2023-6246

Mend.io Vulnerability Database

CVE-2023-6246

Good to know:

Date: January 31, 2024

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Language: C

Severity Score

8.6

Related Resources (15)

Url: https://security-tracker.debian.org/tracker/CVE-2023-6246

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/

Url: https://www.openwall.com/lists/oss-security/2024/01/30/6

Url: https://access.redhat.com/security/cve/CVE-2023-6246

Url: http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html

Url: https://security.gentoo.org/glsa/202402-01

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2249053

Url: https://security.netapp.com/advisory/ntap-20240216-0007/

Url: http://seclists.org/fulldisclosure/2024/Feb/5

Url: http://seclists.org/fulldisclosure/2024/Feb/3

Url: https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6246

Url: http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-6246

Severity Score

8.6

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version glibc-2.39

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6246

Good to know:

Date: January 31, 2024

Language: C

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?