Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-6620-1
Vulnerability from osv_ubuntu
It was discovered that the GNU C Library incorrectly handled the syslog() function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-doc",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "glibc-source",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-bin-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-dev-bin-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc-devtools-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-amd64-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dbg",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-i386-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-s390-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "libc6-x32-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "locales",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "locales-all",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "nscd",
"binary_version": "2.38-1ubuntu6.1"
},
{
"binary_name": "nscd-dbgsym",
"binary_version": "2.38-1ubuntu6.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:23.10",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.38-1ubuntu6.1?arch=source\u0026distro=mantic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38-1ubuntu6.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.37-0ubuntu2",
"2.38-1ubuntu3",
"2.38-1ubuntu4",
"2.38-1ubuntu5",
"2.38-1ubuntu6"
]
}
],
"aliases": [],
"details": "It was discovered that the GNU C Library incorrectly handled the syslog()\nfunction call. A local attacker could use this issue to execute arbitrary\ncode and possibly escalate privileges.\n",
"id": "USN-6620-1",
"modified": "2024-02-01T12:41:59.243886Z",
"published": "2024-02-01T12:41:59.243886Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6620-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6246"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6779"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6780"
}
],
"related": [
"CVE-2023-6246",
"UBUNTU-CVE-2023-6246",
"CVE-2023-6779",
"UBUNTU-CVE-2023-6779",
"CVE-2023-6780",
"UBUNTU-CVE-2023-6780"
],
"schema_version": "1.6.3",
"summary": "glibc vulnerabilities"
}
CVE-2023-6246 (GCVE-0-2023-6246)
Vulnerability from cvelistv5 – Published: 2024-01-31 14:06 – Updated: 2026-07-14 12:03- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | glibc |
Unaffected:
2.39
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora | ||
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"name": "RHBZ#2249053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6246",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-09T05:00:28.307432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:53:03.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:03:06.835Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:05:53.547Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"name": "RHBZ#2249053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-06T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Glibc: heap-based buffer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6246",
"datePublished": "2024-01-31T14:06:21.949Z",
"dateReserved": "2023-11-21T19:14:21.669Z",
"dateUpdated": "2026-07-14T12:03:06.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6779 (GCVE-0-2023-6779)
Vulnerability from cvelistv5 – Published: 2024-01-31 14:07 – Updated: 2026-07-14 12:03- CWE-122 - Heap-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | glibc |
Unaffected:
2.39
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora | ||
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"name": "RHBZ#2254395",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T16:08:30.700931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T16:08:42.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:03:08.179Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:05:57.859Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"name": "RHBZ#2254395",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-193-\u003eCWE-122: Off-by-one Error leads to Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6779",
"datePublished": "2024-01-31T14:07:41.967Z",
"dateReserved": "2023-12-13T14:37:37.111Z",
"dateUpdated": "2026-07-14T12:03:08.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6780 (GCVE-0-2023-6780)
Vulnerability from cvelistv5 – Published: 2024-01-31 14:08 – Updated: 2026-07-14 12:03- CWE-131 - Incorrect Calculation of Buffer Size
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | glibc |
Unaffected:
2.39
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora | ||
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-07T17:02:41.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"name": "RHBZ#2254396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250207-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6780",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T16:36:34.378685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:19.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:03:10.606Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:30:47.720Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"name": "RHBZ#2254396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Glibc: integer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-190-\u003eCWE-131: Integer Overflow or Wraparound leads to Incorrect Calculation of Buffer Size"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6780",
"datePublished": "2024-01-31T14:08:02.610Z",
"dateReserved": "2023-12-13T14:37:40.684Z",
"dateUpdated": "2026-07-14T12:03:10.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
ubuntu-cve-2023-6246
Vulnerability from osv_ubuntu
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales-all",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "nscd",
"binary_version": "2.39-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.39-0ubuntu1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39-0ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.38-1ubuntu6",
"2.38-3ubuntu1"
]
}
],
"aliases": [],
"details": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
"id": "UBUNTU-CVE-2023-6246",
"modified": "2026-04-22T07:45:09Z",
"published": "2024-01-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6246"
},
{
"type": "REPORT",
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6620-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6246"
}
],
"related": [
"USN-6620-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-6246"
]
}
ubuntu-cve-2023-6779
Vulnerability from osv_ubuntu
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales-all",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "nscd",
"binary_version": "2.39-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.39-0ubuntu1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39-0ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.38-1ubuntu6",
"2.38-3ubuntu1"
]
}
],
"aliases": [],
"details": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.",
"id": "UBUNTU-CVE-2023-6779",
"modified": "2026-04-22T07:45:10Z",
"published": "2024-01-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6779"
},
{
"type": "REPORT",
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6620-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6779"
}
],
"related": [
"USN-6620-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-6779"
]
}
ubuntu-cve-2023-6780
Vulnerability from osv_ubuntu
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "locales-all",
"binary_version": "2.39-0ubuntu1"
},
{
"binary_name": "nscd",
"binary_version": "2.39-0ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.39-0ubuntu1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.39-0ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.38-1ubuntu6",
"2.38-3ubuntu1"
]
}
],
"aliases": [],
"details": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.",
"id": "UBUNTU-CVE-2023-6780",
"modified": "2026-04-22T07:45:10Z",
"published": "2024-01-31T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-6780"
},
{
"type": "REPORT",
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6620-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6780"
}
],
"related": [
"USN-6620-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-6780"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.