CVE-2023-6780 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-6780

CVE-2023-6780

Published At:January 31, 2024

Updated At:April 07, 2026

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

Related Resources (10)

https://access.redhat.com/security/cve/CVE-2023-6780

https://www.openwall.com/lists/oss-security/2024/01/30/6

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/

https://security.netapp.com/advisory/ntap-20250207-0010/

https://bugzilla.redhat.com/show_bug.cgi?id=2254396

https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

https://security.gentoo.org/glsa/202402-01

http://seclists.org/fulldisclosure/2024/Feb/3

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Do you need more information?