Off-by-one Heap-Based Buffer Overflow in glibc's __vsyslog_internal Function

Off-by-one Heap-Based Buffer Overflow in glibc's __vsyslog_internal Function

CVE-2023-6779 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Learn more about our Internal Network Penetration Testing.