摘要:
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
安全等级: Low
公告ID: KylinSec-SA-2022-2030
发布日期: 2022年9月23日
关联CVE: CVE-2022-39046
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-39046 | KY3.4-4A | glibc | Unaffected |
| CVE-2022-39046 | KY3.4-5 | glibc | Unaffected |
| CVE-2022-39046 | KY3.5.1 | glibc | Unaffected |
