PatchSiren

Fedoraproject CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Fedoraproject CVE published 2024-01-31

CVE-2023-6780

CVE-2023-6780 is a medium-severity integer-overflow issue in glibc's __vsyslog_internal, the internal routine behind syslog and vsyslog. According to the CVE record, a very long log message leads to an incorrect buffer-size calculation and, from there, undefined behavior. NVD's affected-version data covers glibc from 2.37 up to (but excluding) 2.39, so 2.37 and 2.38 are in scope.

HIGH Fedoraproject CVE published 2024-01-31

CVE-2023-6779

CVE-2023-6779 is an off-by-one heap-based buffer overflow in glibc’s __vsyslog_internal path, which is used by syslog and vsyslog. According to the NVD description, the bug is triggered when these functions process a message larger than INT_MAX bytes, leading to an incorrect buffer-size calculation and potential application crash. NVD rates the issue as HIGH (CVSS 8.2), with no confidentiality impact in t [truncated]

HIGH Fedoraproject CVE published 2024-01-31

CVE-2023-6246

CVE-2023-6246 is a high-severity flaw in glibc’s __vsyslog_internal path. Under a specific set of conditions, an application can trigger a heap-based buffer overflow when syslog/vsyslog is used without a prior openlog call, or when openlog is called with a NULL ident, and the program name derived from argv[0] is longer than 1024 bytes. The reported impact is application crash and, in some contexts, local [truncated]
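The three glibc entries above share one precondition: a message or program name far longer than any ordinary logging call needs. The following is an added example, not glibc's code and not text from any of the advisories, of a syslog(3) wrapper that removes those preconditions on the caller's side. It always opens the log with a fixed, short ident, so glibc never has to derive the program name from argv[0] (the CVE-2023-6246 condition), and it formats into a bounded buffer before anything reaches the library, so a message can never approach INT_MAX (the CVE-2023-6779 and CVE-2023-6780 condition). SAFE_LOG_MAX, SAFE_LOG_IDENT, the truncation marker and the function names are this example's own choices. It is defence in depth for code you control; the fix for the library itself is updating glibc.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Upper bound for a single line handed to syslog(3). An assumption for this
   example, not a value taken from glibc or the advisories; anything a few KiB
   wide is already far larger than a useful log line. */
#define SAFE_LOG_MAX 2048

/* Fixed identifier for openlog(3). Passing an explicit, short ident means glibc
   never has to fall back to the program name derived from argv[0]. */
#define SAFE_LOG_IDENT "patchsiren-demo"

/* Format fmt/ap into out (capacity cap). If the message does not fit it is
   truncated and the tail is overwritten with a visible marker. Returns the
   number of bytes stored (excluding the NUL) or -1 on a formatting error.
   Kept separate from the syslog call so it can be exercised without a log socket. */
int safe_log_format(char *out, size_t cap, const char *fmt, va_list ap)
{
    static const char marker[] = "...[truncated]";
    const size_t mlen = sizeof marker - 1;
    int n = vsnprintf(out, cap, fmt, ap);

    if (n < 0)
        return -1;
    if ((size_t)n >= cap) {
        /* vsnprintf already wrote cap-1 bytes plus NUL; stamp the marker on the end. */
        if (cap > mlen) {
            memcpy(out + cap - 1 - mlen, marker, mlen);
            out[cap - 1] = '\0';
        }
        return (int)(cap - 1);
    }
    return n;
}

/* Same as safe_log_format but callable with ordinary arguments. */
int safe_log_format_str(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = safe_log_format(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

static int log_initialised;

/* Drop-in for syslog(3): opens the log with a fixed ident on first use and
   never hands the library more than SAFE_LOG_MAX-1 bytes. Returns the length
   of the message actually logged, or -1. */
int safe_syslog(int priority, const char *fmt, ...)
{
    char buf[SAFE_LOG_MAX];
    va_list ap;
    int n;

    if (!log_initialised) {
        openlog(SAFE_LOG_IDENT, LOG_PID, LOG_USER);
        log_initialised = 1;
    }
    va_start(ap, fmt);
    n = safe_log_format(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    /* "%s" with an already-formatted buffer: caller-controlled text is never a format string. */
    syslog(priority, "%s", buf);
    return n;
}

int main(void)
{
    char big[5000];                       /* constructed oversized payload */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    safe_syslog(LOG_INFO, "demo start, pid recorded by LOG_PID");
    safe_syslog(LOG_WARNING, "oversized payload: %s", big);   /* truncated before glibc sees it */
    return 0;
}
```

The wrapper does not make an old glibc safe against a hostile argv[0] set by some other launcher; it only guarantees that this program's own logging calls never create the conditions the three CVEs describe.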

MEDIUM Fedoraproject CVE published 2023-12-12

CVE-2023-46219

CVE-2023-46219 is a medium-severity curl issue. According to the advisory summary, saving HSTS data to an excessively long file name can cause curl to remove all contents of the HSTS data file. Subsequent requests that load that file then no longer see the HSTS entries they should have honoured, so hosts that ought to be forced onto HTTPS can be contacted over plain HTTP.
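An added example, not curl's code, of the file-saving pattern that rules out this failure class: validate the path length before anything is opened, write to a temporary sibling, and only then rename over the real file, so a failed or refused write can never leave the existing HSTS cache empty. The PATH_MAX/NAME_MAX fallbacks, the ".tmp" suffix, the demo path under /tmp and the HSTS-style sample content are assumptions for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fallbacks for builds where <limits.h> does not expose the POSIX values (assumed). */
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif
#ifndef NAME_MAX
#define NAME_MAX 255
#endif

#define TMP_SUFFIX ".tmp"   /* appended to the target while writing; this example's choice */

/* Reject a path the filesystem cannot hold before any file is opened. The
   temporary name has to fit as well, so the suffix is counted against both limits. */
bool hsts_path_ok(const char *path)
{
    size_t len = strlen(path);
    const char *slash = strrchr(path, '/');
    size_t base_len = slash ? strlen(slash + 1) : len;
    size_t extra = sizeof TMP_SUFFIX - 1;

    if (len == 0 || base_len == 0)
        return false;
    return len + extra < PATH_MAX && base_len + extra <= NAME_MAX;
}

/* Write len bytes of data to path. Returns 0 on success, -1 on failure; on
   failure the file previously at path is left exactly as it was. */
int hsts_save(const char *path, const char *data, size_t len)
{
    char tmp[PATH_MAX];
    FILE *f;
    bool ok;

    if (!hsts_path_ok(path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    snprintf(tmp, sizeof tmp, "%s%s", path, TMP_SUFFIX);

    f = fopen(tmp, "wb");
    if (!f)
        return -1;
    ok = fwrite(data, 1, len, f) == len;
    if (fclose(f) != 0)
        ok = false;
    if (!ok) {
        remove(tmp);
        return -1;
    }
    /* rename replaces the target atomically: a reader sees old or new, never empty. */
    if (rename(tmp, path) != 0) {
        remove(tmp);
        return -1;
    }
    return 0;
}

/* Read the whole file into a malloc'd NUL-terminated buffer (NULL on error);
   stands in for what a later curl-style run would load from the HSTS file. */
char *hsts_load(const char *path)
{
    FILE *f = fopen(path, "rb");
    char *buf = NULL;

    if (!f)
        return NULL;
    if (fseek(f, 0, SEEK_END) == 0) {
        long sz = ftell(f);
        if (sz >= 0 && fseek(f, 0, SEEK_SET) == 0 && (buf = malloc((size_t)sz + 1)) != NULL) {
            if (fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
                free(buf);
                buf = NULL;
            } else {
                buf[sz] = '\0';
            }
        }
    }
    fclose(f);
    return buf;
}

int main(void)
{
    const char *path = "/tmp/patchsiren_hsts_demo.txt";          /* constructed demo location */
    const char *entries = "example.com 20300101 12:00:00\n";     /* constructed HSTS-style line */
    char overlong[PATH_MAX];
    char *back;

    if (hsts_save(path, entries, strlen(entries)) != 0) {
        perror("hsts_save");
        return 1;
    }
    memset(overlong, 'x', sizeof overlong - 1);
    overlong[sizeof overlong - 1] = '\0';
    printf("overlong path accepted? %s\n", hsts_path_ok(overlong) ? "yes" : "no");
    back = hsts_load(path);
    printf("reloaded: %s", back ? back : "(none)\n");
    free(back);
    remove(path);
    return 0;
}
```

A production version would also fsync the temporary file before the rename and the directory afterwards; that is left out here to keep the block to ISO C.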

MEDIUM Fedoraproject CVE published 2023-12-07

CVE-2023-46218

CVE-2023-46218 is a curl cookie-handling flaw that lets a malicious HTTP server set "super cookies" by bypassing the Public Suffix List (PSL) check when the cookie's domain attribute differs in case from the host name: for example, a server reached as curl.co.uk could set a cookie with domain=co.UK even though co.uk is a public suffix. Such cookies are then returned to unrelated sites and domains, an unintended cross-site cookie exposure. NVD rates the issue CVSS 3.1 6.5 (MEDIUM).
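An added example, not curl's or libpsl's code, showing the shape of the mistake and of the fix. Both versions check that the cookie domain matches the request host (a case-insensitive comparison, as domain matching in RFC 6265 requires) and then that it is not a public suffix; the buggy version feeds the attribute to the PSL lookup exactly as the server sent it, so "co.UK" is not found in a list that stores "co.uk", while the hardened version lower-cases it once and uses that form for every check. The four-entry PSL_SAMPLE list is constructed for the example, the host is assumed to be already lower-cased, and the function names are the example's own.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Constructed stand-in for the Public Suffix List; the real list has thousands
   of entries and curl consults it through libpsl. Stored in lower case. */
static const char *const PSL_SAMPLE[] = { "com", "uk", "co.uk", "github.io", NULL };

/* Lower-case ASCII copy of src into dst (cap bytes); false if it does not fit. */
static bool lower_copy(char *dst, size_t cap, const char *src)
{
    size_t len = strlen(src);

    if (len >= cap)
        return false;
    for (size_t i = 0; i <= len; i++)          /* <= copies the terminating NUL too */
        dst[i] = (char)tolower((unsigned char)src[i]);
    return true;
}

/* Exact, case-sensitive membership test: the lookup whose input case matters. */
static bool is_public_suffix(const char *domain)
{
    for (size_t i = 0; PSL_SAMPLE[i]; i++)
        if (strcmp(domain, PSL_SAMPLE[i]) == 0)
            return true;
    return false;
}

/* Case-insensitive "host equals domain or ends with .domain" (RFC 6265 5.1.3). */
static bool domain_matches(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    const char *tail;

    if (dl == 0 || dl > hl)
        return false;
    if (dl < hl && host[hl - dl - 1] != '.')   /* must sit on a label boundary */
        return false;
    tail = host + hl - dl;
    for (size_t i = 0; i < dl; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)domain[i]))
            return false;
    return true;
}

/* Buggy shape: the domain match tolerates case, the PSL lookup does not, so a
   mixed-case public suffix passes both checks and the cookie is accepted. */
bool cookie_accept_buggy(const char *host, const char *cookie_domain)
{
    if (!domain_matches(host, cookie_domain))
        return false;
    return !is_public_suffix(cookie_domain);
}

/* Hardened shape: normalise the attribute once, then use the lowered form for
   every decision so case can no longer split them. Over-long attributes are refused. */
bool cookie_accept_fixed(const char *host, const char *cookie_domain)
{
    char lowered[256];

    if (!lower_copy(lowered, sizeof lowered, cookie_domain))
        return false;
    if (!domain_matches(host, lowered))
        return false;
    return !is_public_suffix(lowered);
}
```

The same normalise-once rule applies to any other attribute that is compared against a list of known-bad or known-public values: comparing the raw and the normalised form in different places is exactly what lets one of them be talked around.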