Updated: 2024-03-26 20:28:08.291359
Description:
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | glibc | 2.34 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:39 |
CentOS 6 ELS | glibc | 2.12 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:44 |
CentOS 8.4 ELS | glibc | 2.28 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:39 |
CentOS 8.5 ELS | glibc | 2.28 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:44 |
CloudLinux 6 ELS | glibc | 2.12 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:39 |
Oracle Linux 6 ELS | glibc | 2.12 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 04:08:39 |
Ubuntu 16.04 ELS | glibc | 2.23-0 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 10:08:32 |
Ubuntu 18.04 ELS | glibc | 2.27-3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-02-12 10:08:32 |