First published: Wed Aug 31 2022
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU C Library | =2.37 | |
GNU C Library | =2.36 | |
GNU C Library (glibc) | =2.36 | |
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp H410C | ||
NetApp H410C Firmware | ||
NetApp ONTAP Select Deploy | ||
CVE-2022-39046 is an issue discovered in the GNU C Library (glibc) 2.36, where the syslog function can potentially reveal uninitialized memory from the heap.
The severity of CVE-2022-39046 is high with a CVSS score of 5.3.
GNU glibc 2.36 and Apple macOS Ventura, Big Sur, and Monterey are affected by CVE-2022-39046.
CVE-2022-39046 can be exploited by passing a crafted input string larger than 1024 bytes to the syslog function.
Yes, patches are available for CVE-2022-39046. Please refer to the references provided for more information.