QwikSec

Security Database

CVE

CWE

Training

CVE-2022-39046

Published: Aug 31, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N

Attack Complexity

Low

Attack Vector

Network

Availability

None

Confidentiality

High

Integrity

None

Privileges Required

None

Scope

Unchanged

User Interaction

None

References

https://sourceware.org/bugzilla/show_bug.cgi?id=29536

https://security.netapp.com/advisory/ntap-20221104-0002/

vendor-advisory

[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

mailing-list

[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

mailing-list

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.