CVE-2011-4623

Published: 25/09/2012 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x prior to 4.6.6, 5.x prior to 5.7.4, and 6.x prior to 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Vulnerable Product

rsyslog rsyslog 4.5.6

rsyslog rsyslog 4.1.2

rsyslog rsyslog 4.5.1

rsyslog rsyslog 4.6.3

rsyslog rsyslog 4.5.2

rsyslog rsyslog 4.1.1

rsyslog rsyslog 4.4.2

rsyslog rsyslog 4.6.4

rsyslog rsyslog 4.5.4

rsyslog rsyslog 4.3.2

rsyslog rsyslog 4.1.3

rsyslog rsyslog 4.5.3

rsyslog rsyslog 4.6.1

rsyslog rsyslog 4.1.0

rsyslog rsyslog 4.5.8

rsyslog rsyslog 4.1.5

rsyslog rsyslog 4.3.0

rsyslog rsyslog 4.6.2

rsyslog rsyslog 4.5.5

rsyslog rsyslog 4.4.0

rsyslog rsyslog 4.6.0

rsyslog rsyslog 4.5.0

rsyslog rsyslog 4.1.7

rsyslog rsyslog 4.2.0

rsyslog rsyslog 4.4.1

rsyslog rsyslog 4.3.1

rsyslog rsyslog 4.6.5

rsyslog rsyslog 4.1.6

rsyslog rsyslog 4.1.4

rsyslog rsyslog 4.5.7

rsyslog rsyslog 5.5.6

rsyslog rsyslog 5.5.7

rsyslog rsyslog 5.4.2

rsyslog rsyslog 5.5.0

rsyslog rsyslog 5.5.4

rsyslog rsyslog 5.1.6

rsyslog rsyslog 5.5.1

rsyslog rsyslog 5.6.1

rsyslog rsyslog 5.3.6

rsyslog rsyslog 5.1.1

rsyslog rsyslog 5.6.4

rsyslog rsyslog 5.1.4

rsyslog rsyslog 5.5.3

rsyslog rsyslog 5.6.2

rsyslog rsyslog 5.6.0

rsyslog rsyslog 5.6.5

rsyslog rsyslog 5.1.0

rsyslog rsyslog 5.1.5

rsyslog rsyslog 5.4.0

rsyslog rsyslog 5.7.2

rsyslog rsyslog 5.3.1

rsyslog rsyslog 5.1.2

rsyslog rsyslog 5.2.0

rsyslog rsyslog 5.3.7

rsyslog rsyslog 5.2.2

rsyslog rsyslog 5.3.3

rsyslog rsyslog 5.3.2

rsyslog rsyslog 5.6.3

rsyslog rsyslog 5.5.2

rsyslog rsyslog 5.2.1

rsyslog rsyslog 5.4.1

rsyslog rsyslog 5.7.0

rsyslog rsyslog 5.7.3

rsyslog rsyslog 5.1.3

rsyslog rsyslog 5.5.5

rsyslog rsyslog 5.3.4

rsyslog rsyslog 5.7.1

rsyslog rsyslog 5.3.5

rsyslog rsyslog 6.1.1

rsyslog rsyslog 6.1.0

rsyslog rsyslog 6.1.3

rsyslog rsyslog 6.1.2

Vendor Advisories

Synopsis: Moderate: rsyslog security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this ...
Rsyslog could be made to crash if it processed a specially crafted log message ...
A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a lo ...

Github Repositories

CloudPassage Check For CVE Example. Version: 10. Author: Eric Hoffmann - ehoffmann@cloudpassage.com. Users can use the provided example script to check for the presence of any individual CVE or list of CVEs. It uses the Halo API to get the details of the last scheduled or manually launched SVA scan for all active servers. It then checks for the presence of the provided CVE(s) i