CVE-2023-6780
5.3
MEDIUM
CVSS 3.1
EPSS 0.23%
Description
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
How to fix CVE-2023-6780
To remediate CVE-2023-6780, upgrade the affected package to a fixed version below.
- —upgrade to 2.36-9+deb12u4 or later
Is CVE-2023-6780 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.36-9+deb12u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |