The Qualys Research Labs discovered several vulnerabilities in the GNU C Library"s __vsyslog_internal function . A heap-based buffer overflow , an off-by-one heap overflow and an integer overflow can be exploited for privilege escalation or denial of service. Details can be found in the Qualys advisory at https://www.qualys.com/2024/01/30/syslog Additionally a memory corruption was discovered in the glibc"s qsort function, due to missing bounds check and when called by a program with a non-transitive comparison function and a large number of attacker-controlled elements. As the use of qsort with a non-transitive comparison function is undefined according to POSIX and ISO C standards, this is not considered a vulnerability in the glibc itself. However the qsort implementation was hardened against misbehaving callers. Details can be found in the Qualys advisory at https://www.qualys.com/2024/01/30/qsort