CVE-2023-6780

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", "name": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", "name": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/3", "name": "http://seclists.org/fulldisclosure/2024/Feb/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/3", "name": "http://seclists.org/fulldisclosure/2024/Feb/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": ""}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6780", "name": "https://access.redhat.com/security/cve/CVE-2023-6780", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://access.redhat.com/security/cve/CVE-2023-6780", "name": "https://access.redhat.com/security/cve/CVE-2023-6780", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396", "name": "RHBZ#2254396", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396", "name": "RHBZ#2254396", "tags": ["Issue Tracking"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/", "tags": ["Mailing List"], "refsource": ""}, {"url": "https://security.gentoo.org/glsa/202402-01", "name": "https://security.gentoo.org/glsa/202402-01", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://security.gentoo.org/glsa/202402-01", "name": "https://security.gentoo.org/glsa/202402-01", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20250207-0010/", "name": "https://security.netapp.com/advisory/ntap-20250207-0010/", "tags": [], "refsource": ""}, {"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6", "name": "https://www.openwall.com/lists/oss-security/2024/01/30/6", "tags": ["Exploit", "Mailing List"], "refsource": ""}, {"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6", "name": "https://www.openwall.com/lists/oss-security/2024/01/30/6", "tags": ["Exploit", "Mailing List"], "refsource": ""}, {"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt", "name": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt", "name": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-6780", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2024-01-31T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.39", "versionStartIncluding": "2.37"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-07T17:15Z"}