CVE-2023-6780

PUBLISHED

Glibc: integer overflow in __vsyslog_internal()

n/a, Red Hat, Fedora · glibc, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Fedora

Recommended Action

Track for updates. Assess relevance to your asset inventory and enrichment workflows.

Confidence
Exploitation Status
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
CVSS / EPSS
5.3 Medium

At a Glance

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CVE Published
Jan 31, 2024
CVSS
5.3 Medium
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
n/a
glibc

2.39

Unaffected
Red Hat
Red Hat Enterprise Linux 6

compat-glibc

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 6

glibc

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 7

compat-glibc

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 7

glibc

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 8

glibc

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 9

glibc

All versions (default: unaffected)

Unaffected
Fedora
Fedora

glibc

All versions (default: affected)

Affected

Recommended Actions

  • Track for updates. Assess relevance to your asset inventory and enrichment workflows.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.