CVE-2023-6779
7.5
HIGH
CVSS 3.1
EPSS 0.65%
Description
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
How to fix CVE-2023-6779
To remediate CVE-2023-6779, upgrade the affected package to a fixed version below.
- —upgrade to 2.36-9+deb12u4 or later
Is CVE-2023-6779 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.36-9+deb12u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |