Cyber Resilience

CVE-2023-6780

Medium · Public PoC · Updated

Published: 31 January 2024

Modified: 12 May 2026
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0023 (45.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-6780 is a medium-severity Incorrect Calculation of Buffer Size (CWE-131) vulnerability in Fedoraproject Fedora. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks at the 45.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: gnu, Product: glibc, Versions: 2.37 to 2.39
Vendor: fedoraproject, Product: fedora, Versions: 38, 39

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
