CVE-2023-6246

Related Files

Gentoo Linux Security Advisory 202402-01

Posted Feb 2, 2024

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-1 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.38-r10 are affected.

tags | advisory, local, vulnerability

systems | linux, gentoo

advisories | CVE-2023-5156, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780

SHA-256 | dc5103364dcaf34b9733e914efeb23949628b3316a7502944e9a2800aca0bbdb

Download | Favorite | View

Ubuntu Security Notice USN-6620-1

Posted Feb 1, 2024

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

tags | advisory, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2023-6246

SHA-256 | 885d7737c8896c4979eff3130aedfac27d41d771214fabcaa738e3479072e0e6

Download | Favorite | View

glibc syslog() Heap-Based Buffer Overflow

Posted Jan 31, 2024

Authored by Qualys Security Advisory

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

tags | exploit, advisory, overflow

advisories | CVE-2023-6246

SHA-256 | 848273d3a06e2a275e111a84edea6cdd3e2e29de8b47a4efd45b2d0d9c53c768

Download | Favorite | View

glibc qsort() Out-Of-Bounds Read / Write

Posted Jan 31, 2024

Authored by Qualys Security Advisory

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc 1.04) to the current release (glibc 2.38) are affected, but the glibc's developers have independently discovered and patched this memory corruption in the master branch.

tags | exploit, advisory

advisories | CVE-2023-6246

SHA-256 | f022f88e03996ad79c15bbc5396c143469581fda50195569cb1d3981ecc6fad8

Download | Favorite | View

Debian Security Advisory 5611-1

Posted Jan 31, 2024

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

tags | advisory, denial of service, overflow, vulnerability

systems | linux, debian

advisories | CVE-2023-6246, CVE-2023-6779, CVE-2023-6780

SHA-256 | b706fe5111adeb5e4961a0c6b856dd95656c158ab3611e3f050084786321653f

Download | Favorite | View