Integer Overflow in glibc's __vsyslog_internal Function

Integer Overflow in glibc's __vsyslog_internal Function

CVE-2023-6780 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Learn more about our Internal Network Penetration Testing.