Problemunvalidated
When a very long program identifier (ident string) is passed to openlog(), the syslog header formatting exceeds the 1024-byte static buffer. — glibc's syslog logging subsystem (version 2.37 and earlier). Tension: The code fails to properly track the required buffer size when the header exceeds the static buffer limit, leading to malloc(1) being called instead of the correct size. Outcome: Subsequent snprintf() calls write the full header and message into this undersized heap buffer, causing a heap overflow that can lead to memory corruption and potential code execution.
39db0bef-2e9a-4ec7-86a0-a9a7a76c963a
When a very long program identifier (ident string) is passed to openlog(), the syslog header formatting exceeds the 1024-byte static buffer. — glibc's syslog logging subsystem (version 2.37 and earlier). Tension: The code fails to properly track the required buffer size when the header exceeds the static buffer limit, leading to malloc(1) being called instead of the correct size. Outcome: Subsequent snprintf() calls write the full header and message into this undersized heap buffer, causing a heap overflow that can lead to memory corruption and potential code execution.