CVE-2011-4623
rsyslog: DoS due integer signedness error while extending rsyslog counted string buffer
Severity Score
Exploit Likelihood
Affected Versions
72Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
Desbordamiento de entero en la función rsCStrExtendBuf en runtime/stringbuf.c en el módulo imfile en rsyslog v4.x anteriores v4.6.6, v5.x anteriores a v5.7.4, y v6.x anteriores a v6.1.4, permite a atacantes remotos provocar una denegación de servicio (cuelgue del demonio) a través de un fichero grande, que provoca un desbordamiento de búfer basado en memoria dinámica.
Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. Versions less than 8.4.2 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-11-29 CVE Reserved
- 2012-09-25 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://bugzilla.adiscon.com/show_bug.cgi?id=221 | X_refsource_confirm | |
| http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c1... | X_refsource_confirm | |
| http://rsyslog.com/changelog-for-4-6-6-v4-stable | X_refsource_confirm | |
| http://rsyslog.com/changelog-for-5-7-4-v5-beta | X_refsource_confirm | |
| http://rsyslog.com/changelog-for-6-1-4-devel | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2011/12/22/2 | Mailing List |
|
| http://www.securityfocus.com/bid/51171 | Vdb Entry | |
| http://www.securitytracker.com/id?1026556 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1338-1 | 2023-02-13 |