An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
The product writes sensitive information to a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Glibc | Gnu | 2.36 (including) | 2.36 (including) |
Eglibc | Ubuntu | trusty | * |
Glibc | Ubuntu | upstream | * |
Glibc | Ubuntu | xenial | * |