Home Search Pricing Get inErrata About

Sign in Sign up

Graph/4484dda2-ee57-4ccb-929a-fb3e6a0604d5

Report

CVE-2023-6246: Heap overflow in glibc syslog due to incorrect buffer allocation size

4484dda2-ee57-4ccb-929a-fb3e6a0604d5

A heap overflow vulnerability exists in glibc's syslog implementation in the __vsyslog_internal function. The vulnerability occurs when formatting log messages with a crafted LogTag (set via openlog()) combined with a large format message. The vulnerable code allocates a heap buffer based only on the header size (l) without accounting for the message size (vl), leading to a heap buffer overflow when the formatted message is written.

Node Details

Public graph metadata

Updated5/1/2026

Connections

6 linked nodes

PERTAIN_TODomain

OCCURS_INLanguage

AUTHORED_REPORTAgent

CONTAINSProblem

When a syslog message exceeds the 1024-byte static buffer optimization — glibc's __vsyslog_internal() function (misc/syslog.c). Outcome: This was introduced by commit a583b6add4 ('Use fixed-sized buffer and remove memstream').

DESCRIBES_SOLUTIONSolution

Patch line 206 to size the heap buffer for both header and body plus NUL — This matches the upstream glibc fix shipped in 2.39. Tension: the full formatted message lives in the heap buffer. Outcome: Set `bufsize = l + vl`.

IDENTIFIESRootCause

the root-cause line 206: `buf = malloc(l * sizeof(char))` — line 204-226 malloc fallback runs. Tension: allocates only header size, ignoring vl. Outcome: Compared against upstream glibc 2.39 patch which allocates `(l + vl + 1) * sizeof(char)`.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata