cvelistv5 - CVE-2023-6246

URL	Tags
secalert@redhat.com	http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html	Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com	http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html	Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com	http://seclists.org/fulldisclosure/2024/Feb/3	Exploit, Third Party Advisory
secalert@redhat.com	http://seclists.org/fulldisclosure/2024/Feb/5	Exploit, Third Party Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-6246	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2249053	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/	Mailing List
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/	Mailing List
secalert@redhat.com	https://security.gentoo.org/glsa/202402-01	Third Party Advisory
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20240216-0007/
secalert@redhat.com	https://www.openwall.com/lists/oss-security/2024/01/30/6	Exploit, Mailing List, Third Party Advisory
secalert@redhat.com	https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt	Exploit, Third Party Advisory

▼	Vendor	Product
	n/a	glibc
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 7
	Red Hat	Red Hat Enterprise Linux 7
	Red Hat	Red Hat Enterprise Linux 8
	Red Hat	Red Hat Enterprise Linux 9
	Fedora	Fedora

wid-sec-w-2024-0246

Vulnerability from csaf_certbund

Published

2024-01-30 23:00

Modified

2024-02-01 23:00

Summary

GNU libc: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche die Systemaufrufe sowie Basisfunktionalität bereitstellt.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- UNIX - Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche die Systemaufrufe sowie Basisfunktionalit\u00e4t bereitstellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0246 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0246.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0246 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0246"
      },
      {
        "category": "external",
        "summary": "glibc advisory announcement vom 2024-01-30",
        "url": "https://sourceware.org/pipermail/libc-announce/2024/000037.html"
      },
      {
        "category": "external",
        "summary": "Qualys Blog vom 2024-01-30",
        "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog"
      },
      {
        "category": "external",
        "summary": "Qualys Security Advisory mit PoC vom 2024-01-30",
        "url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory vom 2024-01-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-07597a0fb3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory vom 2024-01-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-aec80d6e8a"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory vom 2024-01-30",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00018.html"
      },
      {
        "category": "external",
        "summary": "glibc advisory announcement vom 2024-01-30",
        "url": "https://sourceware.org/pipermail/libc-announce/2024/000037.html"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202402-01 vom 2024-02-02",
        "url": "https://security.gentoo.org/glsa/202402-01"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6620-1 vom 2024-02-01",
        "url": "https://ubuntu.com/security/notices/USN-6620-1"
      }
    ],
    "source_lang": "en-US",
    "title": "GNU libc: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-01T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:58:36.868+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0246",
      "initial_release_date": "2024-01-30T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-02-01T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Gentoo und Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source GNU libc \u003c 2.36-9+deb12u4",
            "product": {
              "name": "Open Source GNU libc \u003c 2.36-9+deb12u4",
              "product_id": "T032430",
              "product_identification_helper": {
                "cpe": "cpe:/a:gnu:glibc:2.36-9deb12u4"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6780",
      "notes": [
        {
          "category": "description",
          "text": "In GNU libc existieren mehrere Schwachstellen. Diese sind auf verschiedene Buffer- sowie Heap-Overflows zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T012167"
        ]
      },
      "release_date": "2024-01-30T23:00:00Z",
      "title": "CVE-2023-6780"
    },
    {
      "cve": "CVE-2023-6779",
      "notes": [
        {
          "category": "description",
          "text": "In GNU libc existieren mehrere Schwachstellen. Diese sind auf verschiedene Buffer- sowie Heap-Overflows zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T012167"
        ]
      },
      "release_date": "2024-01-30T23:00:00Z",
      "title": "CVE-2023-6779"
    },
    {
      "cve": "CVE-2023-6246",
      "notes": [
        {
          "category": "description",
          "text": "In GNU libc existieren mehrere Schwachstellen. Diese sind auf verschiedene Buffer- sowie Heap-Overflows zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T000126",
          "T012167"
        ]
      },
      "release_date": "2024-01-30T23:00:00Z",
      "title": "CVE-2023-6246"
    }
  ]
}

wid-sec-w-2024-0897

Vulnerability from csaf_certbund

Published

2024-04-16 22:00

Modified

2024-04-16 22:00

Summary

Oracle Hyperion: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Oracle Hyperion bietet Lösungen für Business Intelligence, Planung und Konsolidierung.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Oracle Hyperion ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Hyperion bietet L\u00f6sungen f\u00fcr Business Intelligence, Planung und Konsolidierung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Oracle Hyperion ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0897 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0897.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0897 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0897"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Hyperion vom 2024-04-16",
        "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixHYP"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Hyperion: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-04-17T10:37:22.017+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0897",
      "initial_release_date": "2024-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.2.16.0.000",
                "product": {
                  "name": "Oracle Hyperion 11.2.16.0.000",
                  "product_id": "T034171",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:hyperion:11.2.16.0.000"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Hyperion"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-29081",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Hyperion existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034171"
        ]
      },
      "release_date": "2024-04-16T22:00:00Z",
      "title": "CVE-2023-29081"
    },
    {
      "cve": "CVE-2023-6246",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Hyperion existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein lokaler Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL-HOCH\" f\u00fcr die Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T034171"
        ]
      },
      "release_date": "2024-04-16T22:00:00Z",
      "title": "CVE-2023-6246"
    }
  ]
}

gsd-2023-6246

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Aliases

CVE-2023-6246

Aliases

CVE-2023-6246

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-6246",
    "id": "GSD-2023-6246"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-6246"
      ],
      "details": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
      "id": "GSD-2023-6246",
      "modified": "2023-12-13T01:20:32.666225Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-6246",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "glibc",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "versions": [
                              {
                                "status": "unaffected",
                                "version": "2.39"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fedora",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fedora"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-122",
                "lang": "eng",
                "value": "Heap-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Feb/3",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Feb/3"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Feb/5",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Feb/5"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-6246",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-6246"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
          },
          {
            "name": "https://security.gentoo.org/glsa/202402-01",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202402-01"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
          },
          {
            "name": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt",
            "refsource": "MISC",
            "url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240216-0007/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5618FB1A-596C-4054-8DB6-7A9F189D9AFC",
                    "versionEndExcluding": "2.39",
                    "versionStartIncluding": "2.36",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en la funci\u00f3n __vsyslog_internal de la librer\u00eda glibc. Esta funci\u00f3n es llamada por las funciones syslog y vsyslog. Este problema ocurre cuando no se llam\u00f3 a la funci\u00f3n openlog, o se llam\u00f3 con el argumento ident establecido en NULL, y el nombre del programa (el nombre base de argv[0]) tiene m\u00e1s de 1024 bytes, lo que provoca un bloqueo de la aplicaci\u00f3n o una escalada de privilegios locales. Este problema afecta a glibc 2.36 y versiones posteriores."
          }
        ],
        "id": "CVE-2023-6246",
        "lastModified": "2024-02-16T13:15:10.023",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.5,
              "impactScore": 5.9,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-31T14:15:48.420",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Feb/3"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Feb/5"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6246"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://security.gentoo.org/glsa/202402-01"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-122"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ghsa-p6rw-gvvh-q8v4

Vulnerability from github

Published

2024-01-31 15:30

Modified

2024-02-16 15:30

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-6246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-31T14:15:48Z",
    "severity": "HIGH"
  },
  "details": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.",
  "id": "GHSA-p6rw-gvvh-q8v4",
  "modified": "2024-02-16T15:30:26Z",
  "published": "2024-01-31T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6246"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2023-6246"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202402-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240216-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
    },
    {
      "type": "WEB",
      "url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Feb/3"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Feb/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-6246

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2023-6246

Vulnerability from cvelistv5

wid-sec-w-2024-0246

Vulnerability from csaf_certbund

wid-sec-w-2024-0897

Vulnerability from csaf_certbund

gsd-2023-6246

Vulnerability from gsd

ghsa-p6rw-gvvh-q8v4

Vulnerability from github

Tags

Sightings

Nomenclature