Rsyslog

Rsyslog

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2022-24903

  • EPSS 0.95%
  • Veröffentlicht 06.05.2022 00:15:07
  • Zuletzt bearbeitet 21.11.2024 06:51:21

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vuln...

5.5

CVE-2011-1490

  • EPSS 0.15%
  • Veröffentlicht 14.11.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 01:26:25

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of...

5.5

CVE-2011-1489

Exploit
  • EPSS 0.15%
  • Veröffentlicht 14.11.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 01:26:25

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial o...

5.5

CVE-2011-1488

Exploit
  • EPSS 0.15%
  • Veröffentlicht 14.11.2019 02:15:10
  • Zuletzt bearbeitet 21.11.2024 01:26:25

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service ...

9.8

CVE-2019-17042

  • EPSS 0.37%
  • Veröffentlicht 07.10.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:35

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account fo...

9.8

CVE-2019-17041

  • EPSS 1.02%
  • Veröffentlicht 07.10.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:34

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to a...

9.8

CVE-2019-17040

  • EPSS 0.5%
  • Veröffentlicht 30.09.2019 14:15:14
  • Zuletzt bearbeitet 21.11.2024 04:31:34

contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.

7.5

CVE-2018-16881

  • EPSS 2.77%
  • Veröffentlicht 25.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:53:31

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

9.8

CVE-2017-12588

  • EPSS 0.33%
  • Veröffentlicht 06.08.2017 14:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

5.5

CVE-2015-3243

  • EPSS 0.13%
  • Veröffentlicht 25.07.2017 18:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.