“This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit…and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal()”
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
Mastodon Source 🐘
/ht https://xeiaso.net//shitposts/no-way-to-prevent-this/CVE-2023-6246/