{
  "threat_severity" : "Low",
  "public_date" : "2024-01-30T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: integer overflow in __vsyslog_internal()",
    "id" : "2254396",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.", "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer." ],
  "statement" : "This issue can only result in a memory allocation failure when the syslog function is called with a very long message, preventing the output of the message. This is the only known impact of this issue and this CVE was assigned to track this possibility.\nThe glibc package, as shipped with Red Hat products, is not affected by this vulnerability because this issue was introduced in glibc 2.37, this glibc version is not used by any Red Hat product.",
  "acknowledgement" : "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-6780\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6780\nhttps://www.openwall.com/lists/oss-security/2024/01/30/6\nhttps://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt" ],
  "name" : "CVE-2023-6780",
  "csaw" : false
}