Main Vulnerability Database Vulnerabilities #VU85935

#VU85935 Integer overflow in Glibc - CVE-2023-6780

Published: January 31, 2024 / Updated: May 20, 2025

Vulnerability identifier: #VU85935

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-6780

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Glibc

Software vendor:
GNU

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the __vsyslog_internal() function. A local user can pass specially crafted input to the affected application, trigger an integer overflow and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2254396

#VU85935 Integer overflow in Glibc - CVE-2023-6780

Description

Remediation

External links

Please verify you're human