Report

CVE-2023-6246: Heap overflow in glibc __vsyslog_internal due to undersized malloc

2958734a-d38e-4f37-aca3-1bfb0fa6540d

glibc's __vsyslog_internal() in misc/syslog.c, the back end of syslog() and vsyslog(), contains a heap buffer overflow (CVE-2023-6246, reported by Qualys on 30 January 2024 together with two further __vsyslog_internal() bugs, CVE-2023-6779 and CVE-2023-6780; it is unrelated to Qualys's earlier "Looney Tunables" ld.so bug, CVE-2023-4911). The bug was introduced in glibc 2.37 by the "syslog: Fix large messages" change, so 2.37 and 2.38 are affected unless patched, and it is fixed in 2.39 and in distribution backports.

The function first formats the message header ("<pri>", timestamp, program name or openlog() ident, PID) into a 1024-byte on-stack bufs[] and records the header length in l. If the header alone is 1024 bytes or longer, the body is never measured, so l stays the header length, and the fallback allocation buf = malloc(l * sizeof(char)) is sized for the header only. The intended size is l + vl + 1 (header + body + NUL), where vl is the formatted body length. The body is then written to buf + l with l as its size limit, so up to l bytes of it, NUL included, land entirely past the end of the chunk.

The trigger is a long header, which a local user produces by running the target with an argv[0] of roughly 1024 bytes or more: glibc takes the program name from argv[0] when no openlog() ident was set, and argv[0] is the caller's to choose at exec time. The overflow content is whatever the program logs, which is often partly user-influenced (user names, terminal names, failed-command text). Any setuid program that calls syslog() is therefore a local privilege escalation candidate; Qualys confirmed exploitation for local root on several major distributions. The upstream fix sizes the allocation from the measured header and body lengths and bounds each write by the remaining space.
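To make the arithmetic concrete, the following standalone C model was added to this report; it is not glibc code. It builds a simplified header (the "<pri>ident[pid]: " layout is an assumption; the real header also carries a timestamp), runs the same header-then-body write sequence with the vulnerable and with the corrected sizing, and measures how many bytes the body write lands past the chunk by padding a real allocation with canary bytes, so the overflow is observed without corrupting the heap. The ident, message, priority and PID values are constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Standalone model of the CVE-2023-6246 allocation bug, added for this
 * report; it is not glibc code.  The header format "<pri>ident[pid]: " is a
 * simplification (assumption); the sizing decisions follow the vulnerable
 * and fixed __vsyslog_internal logic described above. */

#define BUFS_SIZE 1024   /* glibc's on-stack bufs[] */
#define SLACK     4096   /* canary bytes placed after the modelled chunk */
#define CANARY    0xAA

/* Format the syslog header for IDENT into BUF (size N) and return its
 * would-be length, as snprintf does even when N is too small. */
static int format_header(char *buf, size_t n, const char *ident)
{
    const int pri = 13, pid = 4242;          /* constructed sample values */
    return snprintf(buf, n, "<%d>%s[%d]: ", pri, ident, pid);
}

/* Walk the heap-fallback path for IDENT/MSG and return how many bytes the
 * body write lands beyond the chunk the code would have malloc()ed.
 * fixed == 0 reproduces the vulnerable sizing (chunk = header length only);
 * fixed != 0 uses the corrected header + body + NUL.  The writes go into a
 * real allocation padded with SLACK canary bytes, so the overflow is
 * measured instead of corrupting the heap.  Returns 0 when the header alone
 * fits in bufs[]; that branch is outside what this report describes. */
size_t syslog_model_overflow(const char *ident, const char *msg, int fixed)
{
    char bufs[BUFS_SIZE];
    int l = format_header(bufs, sizeof bufs, ident);
    if (l < 0 || (size_t)l < sizeof bufs)
        return 0;

    size_t hdr = (size_t)l;                      /* l: header length only */
    size_t vl = strlen(msg);                     /* body length the fix measures */
    size_t alloc = fixed ? hdr + vl + 1 : hdr;   /* the bug: vl + 1 omitted */

    unsigned char *chunk = malloc(alloc + SLACK);
    if (chunk == NULL)
        return 0;
    memset(chunk, CANARY, alloc + SLACK);

    /* Same two writes as the function performs: header into the chunk, then
     * the body at buf + l, bounded by the size each version passes
     * (l for the vulnerable code, bufsize - l for the fix). */
    format_header((char *)chunk, alloc, ident);
    snprintf((char *)chunk + hdr, fixed ? alloc - hdr : hdr, "%s", msg);

    /* Count canary bytes after the chunk that the body write clobbered. */
    size_t clobbered = 0;
    for (size_t i = alloc; i < alloc + SLACK; i++)
        if (chunk[i] != CANARY)
            clobbered++;
    free(chunk);
    return clobbered;
}

int main(void)
{
    char ident[1101];                            /* constructed: 1100 x 'A' */
    memset(ident, 'A', 1100);
    ident[1100] = '\0';
    const char *msg = "FAILED SU (to root) attacker on pts/0";   /* constructed */

    printf("vulnerable sizing: %zu bytes past chunk\n",
           syslog_model_overflow(ident, msg, 0));
    printf("fixed sizing:      %zu bytes past chunk\n",
           syslog_model_overflow(ident, msg, 1));
    printf("short ident:       %zu bytes past chunk\n",
           syslog_model_overflow("su", msg, 0));
    return 0;
}
```

With an 1100-byte ident the header is 1112 bytes, so the vulnerable sizing allocates 1112 bytes and the entire body, capped at l bytes because l is also the size limit handed to the body write, lands past the chunk; the corrected header + body + NUL allocation reports zero, as does a short ident that never leaves the static buffer.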