cve/2023/CVE-2023-6780.md

### [CVE-2023-6780](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6780)
![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=glibc&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Calculation%20of%20Buffer%20Size&color=brighgreen)

### Description

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

### POC

#### Reference
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- https://www.openwall.com/lists/oss-security/2024/01/30/6
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/testing-felickz/docker-scout-demo
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-6780](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6780)`
			`![](https://img.shields.io/static/v1?label=Product&message=Fedora&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=glibc&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Calculation%20of%20Buffer%20Size&color=brighgreen)`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`### Description`

			`An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html`
			`- http://seclists.org/fulldisclosure/2024/Feb/3`
			`- https://www.openwall.com/lists/oss-security/2024/01/30/6`
			`- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/testing-felickz/docker-scout-demo`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00