Vulnerability Details CVE-2022-39046
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- http://www.openwall.com/lists/oss-security/2024/01/30/6
- http://www.openwall.com/lists/oss-security/2024/01/30/8
- https://security.gentoo.org/glsa/202310-03
- https://security.netapp.com/advisory/ntap-20221104-0002/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29536
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2024/Feb/3
- http://www.openwall.com/lists/oss-security/2024/01/30/6
- http://www.openwall.com/lists/oss-security/2024/01/30/8
- https://security.gentoo.org/glsa/202310-03
- https://security.netapp.com/advisory/ntap-20221104-0002/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29536
Products affected by CVE-2022-39046
-
cpe:2.3:a:gnu:glibc:2.36
-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
-
cpe:2.3:h:netapp:h300s:-
-
cpe:2.3:h:netapp:h410c:-
-
cpe:2.3:h:netapp:h410s:-
-
cpe:2.3:h:netapp:h500s:-
-
cpe:2.3:h:netapp:h700s:-
-
cpe:2.3:o:netapp:h300s_firmware:-
-
cpe:2.3:o:netapp:h410c_firmware:-
-
cpe:2.3:o:netapp:h410s_firmware:-
-
cpe:2.3:o:netapp:h500s_firmware:-
-
cpe:2.3:o:netapp:h700s_firmware:-