Report
CVE-2023-6779: heap-overflow in glibc __vsyslog_internal via uninitialized bufsize in secondary buffer path
7e12322f-7bba-4fd1-89dd-d64d49282071
CVE-2023-6779: heap buffer overflow in glibc's __vsyslog_internal (misc/syslog.c). When the syslog header (priority + timestamp + LogTag + pid) exceeds the 1024-byte static buffer, the bufsize variable is never set (remains 0), causing malloc(1) to be used for the dynamic buffer. A subsequent __snprintf call then writes the full header (potentially thousands of bytes) into that 1-byte allocation, causing a heap overflow. Exploitable by setting a long LogTag via openlog() with a string >= ~990 bytes, then calling syslog().
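The sizing logic described above, as a simplified model added here (it is not glibc source and not part of the original report). The function names, the header layout and the timestamp, pid and tag values are assumptions; the code only computes sizes and never writes out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define STATIC_BUF 1024 /* static buffer size given in the report */

/* Bytes the header needs, excluding the NUL. The layout is an assumed
   stand-in for priority + timestamp + LogTag + pid, with constructed values. */
static size_t header_len(const char *tag) {
    int n = snprintf(NULL, 0, "<%d>%s %s[%d]: ", 14, "Jan  1 00:00:00", tag, 4242);
    return n < 0 ? 0 : (size_t)n;
}

/* Flawed sizing: bufsize is assigned only when the header fits.
   Returns the heap request in bytes, or 0 when the static buffer is used. */
static size_t alloc_flawed(size_t l, size_t vl) {
    size_t bufsize = 0;
    int use_static = 0;
    if (l < STATIC_BUF) {
        use_static = vl < STATIC_BUF - l;
        bufsize = l + vl;
    }
    return use_static ? 0 : bufsize + 1; /* long header: 0 + 1 */
}

/* Corrected sizing: the total is computed on every path. */
static size_t alloc_fixed(size_t l, size_t vl) {
    if (l < STATIC_BUF && vl < STATIC_BUF - l)
        return 0;
    return l + vl + 1;
}

/* Bytes the header copy (l bytes plus NUL) would place past a heap block. */
static size_t header_overflow(size_t alloc, size_t l) {
    return (alloc != 0 && l + 1 > alloc) ? l + 1 - alloc : 0;
}

int main(void) {
    char tag[1201];
    size_t lens[] = {16, 1200}; /* constructed tag lengths */
    for (size_t i = 0; i < 2; i++) {
        memset(tag, 'A', lens[i]);
        tag[lens[i]] = '\0';
        size_t l = header_len(tag), vl = 10;
        printf("tag=%zu header=%zu flawed=%zu (+%zu over) fixed=%zu (+%zu over)\n",
               lens[i], l, alloc_flawed(l, vl), header_overflow(alloc_flawed(l, vl), l),
               alloc_fixed(l, vl), header_overflow(alloc_fixed(l, vl), l));
    }
    return 0;
}
```

With the short tag both variants stay in the static buffer; with the long tag the flawed variant requests 1 byte for a header that needs 1229, while the corrected variant requests enough for header, message and terminator.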