Buffer overflow in Gnu Glibc
CVE-2023-6246
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ide…
Vulnerability class: Buffer Overflow
EPSS: 0.270 (96.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Gnu Glibc
- Fedora
- Fedoraproject Fedora — versions 38, 39
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- N/a Glibc — versions 2.39
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (Exploit, VDB Entry, Third Party Advisory)
- secalert@redhat.com (Exploit, VDB Entry, Third Party Advisory)
- secalert@redhat.com (Exploit, Third Party Advisory)
- secalert@redhat.com (Exploit, Third Party Advisory)
- secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Third Party Advisory, Issue Tracking)
- secalert@redhat.com (Mailing List)
- secalert@redhat.com (Mailing List)
- secalert@redhat.com (Third Party Advisory)
- secalert@redhat.com (Exploit, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2023-6246?
- CVE-2023-6246 is a high-severity vulnerability in Gnu Glibc, classified under Heap-based Buffer Overflow. CVSS score: 8.4/10. Published 2024-01-31.
- How severe is CVE-2023-6246?
- High severity. CVSS v3 base score is 8.4 out of 10.
- Is CVE-2023-6246 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.