CVE-2019-17041 – rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
https://notcve.org/view.php?id=CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. • https://github.com/Resery/CVE-2019-17041 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog https://github.com/rsyslog/rsyslog/pull/3884 https://lists.debian.org/debian-lts-announce/2021/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7 https://lists.fed • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-17040
https://notcve.org/view.php?id=CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled. El archivo contrib/pmdb2diag/pmdb2diag.c en Rsyslog versión v8.1908.0, permite el acceso fuera de límites porque la longitud del nivel se maneja inapropiadamente. • https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog https://github.com/rsyslog/rsyslog/pull/3875 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6SUQE25RD37CD24BHKUWMG27U5RQ2FU • CWE-125: Out-of-bounds Read •
CVE-2018-16881 – rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
https://notcve.org/view.php?id=CVE-2018-16881
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en rsyslog en el módulo imptcp. Un atacante podría enviar un mensaje especialmente manipulado al socket imptcp, lo que conduciría al cierre forzado de rsyslog. • https://access.redhat.com/errata/RHBA-2019:2501 https://access.redhat.com/errata/RHSA-2019:2110 https://access.redhat.com/errata/RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2439 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html https://access.redhat.com/security/cve/CVE-2018-16881 https://bugzilla.redhat.com/show_bug.cgi?id=1658366 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-12588
https://notcve.org/view.php?id=CVE-2017-12588
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. Los módulos de entrada y salida de zmq3 en versiones de rsyslog anteriores a 8.28.0 interpretaban campos de descripción como cadenas de formato, lo que podía dar lugar a un ataque de tipo “format string” y causar un impacto no especificado. • https://github.com/rsyslog/rsyslog/blob/master/ChangeLog https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b https://github.com/rsyslog/rsyslog/pull/1565 • CWE-134: Use of Externally-Controlled Format String •
CVE-2014-3683
https://notcve.org/view.php?id=CVE-2014-3683
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. Desbordamiento de enteros en rsyslog anterior a 7.6.7 y 8.x anterior a 8.4.2 y sysklogd 1.5 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor de prioridad (PRI) grande. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-3634. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html http://secunia.com/advisories/61494 http://www.debian.org/security/2014/dsa-3047 http://www.openwall.com/lists/oss-security/2014/09/30/15 http://www.openwall.com/lists/oss-security/2014/10/03/1 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http: • CWE-189: Numeric Errors •