CVE-2022-39046 - OpenCVE

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	H700s H410c Ontap Select Deploy Administration Utility H500s H410s Firmware H410s H410c Firmware H500s Firmware H300s Firmware H700s Firmware H300s
Gnu	Glibc

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 7 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://www.openwall.com/lists/oss-security/2024/01/30/8
https://security.gentoo.org/glsa/202310-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20221104-0002/	Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=29536	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-31T00:00:00

Updated: 2024-02-04T09:07:02.022766

Reserved: 2022-08-31T00:00:00

Link: CVE-2022-39046

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-31T06:15:07.467

Modified: 2024-02-04T09:15:08.257

Link: CVE-2022-39046

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39046", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-02-04T09:07:02.022766", "dateReserved": "2022-08-31T00:00:00", "datePublished": "2022-08-31T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-04T09:07:02.022766"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29536"}, {"url": "https://security.netapp.com/advisory/ntap-20221104-0002/"}, {"name": "GLSA-202310-03", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-03"}, {"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"}, {"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"}, {"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"}, {"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog()", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2024/Feb/3"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*", "matchCriteriaId": "8AAB69CA-28ED-4C6F-A82D-C67EF2AEF5E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap."}, {"lang": "es", "value": "Se ha detectado un problema en la biblioteca GNU C (glibc) versi\u00f3n 2.36. Cuando a la funci\u00f3n syslog le es pasada una cadena de entrada dise\u00f1ada de m\u00e1s de 1024 bytes, lee memoria no inicializada de la pila y la imprime en el archivo de registro de destino, revelando potencialmente una parte del contenido de la pila"}], "id": "CVE-2022-39046", "lastModified": "2024-02-04T09:15:08.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2022-08-31T06:15:07.467", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2024/Feb/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-03"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221104-0002/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}