CVE-2023-6780 – Glibc: integer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6780
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. Se encontró un desbordamiento de enteros en la función __vsyslog_internal de la liibrería glibc. • http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html http://seclists.org/fulldisclosure/2024/Feb/3 https://access.redhat.com/security/cve/CVE-2023-6780 https://bugzilla.redhat.com/show_bug.cgi?id=2254396 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ https://security.gentoo.org/glsa/202402 • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVE-2023-6779 – Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6779
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. Se encontró un desbordamiento de búfer en la región Heap de la memoria de off-by-one en la función __vsyslog_internal de la librería glibc. • http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html http://seclists.org/fulldisclosure/2024/Feb/3 https://access.redhat.com/security/cve/CVE-2023-6779 https://bugzilla.redhat.com/show_bug.cgi?id=2254395 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ https://security.gentoo.org/glsa/202402 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-6246 – Glibc: heap-based buffer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6246
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. Se encontró un desbordamiento de búfer en la región Heap de la memoria en la función __vsyslog_internal de la librería glibc. • https://github.com/elpe-pinillo/CVE-2023-6246 http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html http://seclists.org/fulldisclosure/2024/Feb/3 http://seclists.org/fulldisclosure/2024/Feb/5 https://access.redhat.com/security/cve/CVE-2023-6246 https://bugzilla.redhat.com/show_bug.cgi?id=2249053 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2024-1077
https://notcve.org/view.php?id=CVE-2024-1077
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) El use after free en Network de Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo malicioso. (Severidad de seguridad de Chromium: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html https://crbug.com/1511085 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q • CWE-416: Use After Free •
CVE-2024-1060
https://notcve.org/view.php?id=CVE-2024-1060
Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en Canvas en Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html https://crbug.com/1511567 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q • CWE-416: Use After Free •