Main Vulnerability Database Exploits ID:9535 - Exploit for Heap-based buffer overflow in Glibc - CVE-2023-6246

ID:9535 - Exploit for Heap-based buffer overflow in Glibc - CVE-2023-6246

Published: January 31, 2024

Vulnerability identifier: #VU85932

Vulnerability risk: Low

CVE-ID: CVE-2023-6246

CWE-ID: CWE-122

Exploitation vector: Local access

Vulnerable software:
Glibc

Link to public exploit:

https://seclists.org/oss-sec/2024/q1/68#CVE-2023-6246

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __vsyslog_internal() function, which is called by both syslog() and vsyslog() while printing the SYSLOG_HEADER containing a long program name. A local user can pass a specially crafted input as arguments to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

ID:9535 - Exploit for Heap-based buffer overflow in Glibc - CVE-2023-6246

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human