Important: rsyslog

🗓️ 07 Jun 2022 00:00:00Reported by AmazonType

A flaw in rsyslog message priority handling leaves systems vulnerable to crashes and code execution. Another flaw in rsyslog's reception TCP modules allows for a heap-based buffer overflow leading to denial of service or remote code execution

Reporter	Title	Published	Views	Family All 386
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in rsyslog affect IBM Flex System Manager (FSM): (CVE-2014-3634 and CVE-2014-3683)	31 Jan 201901:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	15 Apr 202502:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]	28 Mar 202421:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in rsyslog affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634)	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog (CVE-2022-24903).	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities	12 Jan 202323:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by several vulnerabilities	19 Sep 202319:45	–	ibm
FreeBSD	rsyslog -- remote syslog PRI vulnerability	30 Sep 201400:00	–	freebsd
FreeBSD	rsyslog8 -- heap buffer overflow on receiving TCP syslog	5 May 202200:00	–	freebsd
Tenable Nessus	AIX rsyslog Advisory : rsyslog_advisory.asc	2 Dec 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	rsyslog	8.24.0-57.amzn2.2.0.1	rsyslog-8.24.0-57.amzn2.2.0.1.aarch64.rpm
Amazon Linux	2	i686	rsyslog	8.24.0-57.amzn2.2.0.1	rsyslog-8.24.0-57.amzn2.2.0.1.i686.rpm
Amazon Linux	2	x86_64	rsyslog	8.24.0-57.amzn2.2.0.1	rsyslog-8.24.0-57.amzn2.2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	rsyslog-crypto	8.24.0-57.amzn2.2.0.1	rsyslog-crypto-8.24.0-57.amzn2.2.0.1.aarch64.rpm
Amazon Linux	2	i686	rsyslog-crypto	8.24.0-57.amzn2.2.0.1	rsyslog-crypto-8.24.0-57.amzn2.2.0.1.i686.rpm
Amazon Linux	2	x86_64	rsyslog-crypto	8.24.0-57.amzn2.2.0.1	rsyslog-crypto-8.24.0-57.amzn2.2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	rsyslog-debuginfo	8.24.0-57.amzn2.2.0.1	rsyslog-debuginfo-8.24.0-57.amzn2.2.0.1.aarch64.rpm
Amazon Linux	2	i686	rsyslog-debuginfo	8.24.0-57.amzn2.2.0.1	rsyslog-debuginfo-8.24.0-57.amzn2.2.0.1.i686.rpm
Amazon Linux	2	x86_64	rsyslog-debuginfo	8.24.0-57.amzn2.2.0.1	rsyslog-debuginfo-8.24.0-57.amzn2.2.0.1.x86_64.rpm
Amazon Linux	2	any	rsyslog-doc	8.24.0-57.amzn2.2.0.1	rsyslog-doc-8.24.0-57.amzn2.2.0.1.noarch.rpm

07 Jun 2022 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 27.5

CVSS 3.18.1

EPSS0.29383

SSVC