Is Messaging Gateway vulnerable to CVE-2023-6246 (glibc local privilege escalation)

search cancel

Is Messaging Gateway vulnerable to CVE-2023-6246 (glibc local privilege escalation)

book

Article ID: 280375

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

CVE-2023-6246

A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.

Environment

Messaging Gateway

Resolution

At the time of this writing no supported version of Messaging Gateway (10.7.0 through 10.9.0) is vulnerable to CVE-2023-6246.

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2023-6246
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt

Feedback

thumb_up Yes

thumb_down No