CVE-2022-39046

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:2.36:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
References () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html - () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html -
References () http://seclists.org/fulldisclosure/2024/Feb/3 - () http://seclists.org/fulldisclosure/2024/Feb/3 -
References () http://www.openwall.com/lists/oss-security/2024/01/30/6 - () http://www.openwall.com/lists/oss-security/2024/01/30/6 -
References () http://www.openwall.com/lists/oss-security/2024/01/30/8 - () http://www.openwall.com/lists/oss-security/2024/01/30/8 -
References () https://security.gentoo.org/glsa/202310-03 - Third Party Advisory () https://security.gentoo.org/glsa/202310-03 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20221104-0002/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20221104-0002/ - Third Party Advisory
References () https://sourceware.org/bugzilla/show_bug.cgi?id=29536 - Exploit, Issue Tracking, Third Party Advisory () https://sourceware.org/bugzilla/show_bug.cgi?id=29536 - Exploit, Issue Tracking, Third Party Advisory

04 Feb 2024, 09:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Feb/3 -

31 Jan 2024, 18:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html -

30 Jan 2024, 21:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/01/30/6 -
  • () http://www.openwall.com/lists/oss-security/2024/01/30/8 -

06 Nov 2023, 17:33

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202310-03 - (GENTOO) https://security.gentoo.org/glsa/202310-03 - Third Party Advisory

04 Oct 2023, 10:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202310-03 -

Information

Published : 2022-08-31 06:15

Updated : 2024-11-21 07:17


NVD link : CVE-2022-39046

Mitre link : CVE-2022-39046

CVE.ORG link : CVE-2022-39046


JSON object : View

Products Affected

netapp

  • h700s
  • h300s
  • h300s_firmware
  • ontap_select_deploy_administration_utility
  • h410s_firmware
  • h410c_firmware
  • h500s
  • h410c
  • h700s_firmware
  • h410s
  • h500s_firmware

gnu

  • glibc
CWE
CWE-532

Insertion of Sensitive Information into Log File