An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html | |
http://seclists.org/fulldisclosure/2024/Feb/3 | |
http://www.openwall.com/lists/oss-security/2024/01/30/6 | |
http://www.openwall.com/lists/oss-security/2024/01/30/8 | |
https://security.gentoo.org/glsa/202310-03 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221104-0002/ | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=29536 | Exploit Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
History
04 Feb 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Nov 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory |
04 Oct 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2022, 03:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h700s
Netapp h500s Netapp h700s Firmware Netapp h410c Firmware Netapp Netapp h410s Netapp ontap Select Deploy Administration Utility Netapp h300s Firmware Netapp h500s Firmware Netapp h300s Netapp h410c Netapp h410s Firmware |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221104-0002/ - Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
04 Nov 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Sep 2022, 03:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Gnu glibc
Gnu |
|
CWE | CWE-532 | |
References | (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=29536 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:* |
31 Aug 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-31 06:15
Updated : 2024-02-04 09:15
NVD link : CVE-2022-39046
Mitre link : CVE-2022-39046
CVE.ORG link : CVE-2022-39046
JSON object : View
Products Affected
netapp
- h500s
- h410c
- h700s_firmware
- h410s
- h500s_firmware
- h300s
- h700s
- ontap_select_deploy_administration_utility
- h300s_firmware
- h410s_firmware
- h410c_firmware
gnu
- glibc
CWE
CWE-532
Insertion of Sensitive Information into Log File