QID 379329

The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. A significant security flaw has been identified in the GNU C Library __vsyslog_internal() function, affecting syslog() and vsyslog().

In our analysis of the same function affected by CVE-2023-6246, we identified two additional, albeit minor, vulnerabilities:
CVE-2023-6779 (glibc): This vulnerability involves an off-by-one heap-based buffer overflow in the __vsyslog_internal() function.
CVE-2023-6780 (glibc): This is an integer overflow issue in the __vsyslog_internal() function.

The discovery of vulnerabilities in the GNU C Library syslog and qsort functions raises major security concerns. The syslog vulnerability, a heap-based buffer overflow, can allow local users to gain full root access, impacting major Linux distributions. Similarly, the qsort vulnerability, stemming from a missing bounds check, can lead to memory corruption and has affected all glibc versions since 1992. These flaws highlight the critical need for strict security measures in software development, especially for core libraries widely used across many systems and applications.
Affected Product versions:

Glibc versions 2.36
Glibc versions 2.37
Glibc versions 2.38

QID Detection Logic:
Detection checks for linux operating systems package manager managed glibc package version

Successful exploitation allows attacker to gain root access on the affected system.