CVE-2022-39046

Published: Aug 31, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Affected (7)

Products: Gnu: Glibc · Netapp: H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware, Ontap Select Deploy Administration Utility

1 product

6 products

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Glibc	Version 2.36

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (14)

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2024/Feb/3

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/01/30/6

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/01/30/8

Source: cve@mitre.org

https://security.gentoo.org/glsa/202310-03

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221104-0002/

Source: cve@mitre.org

Third Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=29536

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2024/Feb/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/01/30/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/01/30/8

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202310-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221104-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://sourceware.org/bugzilla/show_bug.cgi?id=29536

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.