public inbox for
 help / color / mirror / Atom feed
* The GNU C Library security advisories update for 2024-02-30
@ 2024-01-30 18:23 Adhemerval Zanella Netto
  0 siblings, 0 replies; only message in thread
From: Adhemerval Zanella Netto @ 2024-01-30 18:23 UTC (permalink / raw)
  To: libc-announce

The following security advisories have been published:

syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)

__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER
containing a long program name failed to update the required buffer
size, leading to the allocation and overflow of a too-small buffer on
the heap.

syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)

__vsyslog_internal used the return value of snprintf/vsnprintf to
calculate buffer sizes for memory allocation.  If these functions (for
any reason) failed and returned -1, the resulting buffer would be too
small to hold output.

syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)

__vsyslog_internal calculated a buffer size by adding two integers, but
did not first check if the addition would overflow.


Published advisories are available directly in the project git repository:;a=tree;f=advisories;hb=HEAD

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-01-30 18:23 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-30 18:23 The GNU C Library security advisories update for 2024-02-30 Adhemerval Zanella Netto

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).