CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)

🗓️ 08 Nov 2022 00:00:00Reported by Broadcom Security ResponseType

broadcom

broadcom🔗 support.broadcom.com👁 52 Views

A flaw in Rsyslog allows remote code execution by exploiting improper input data validation

Reporter	Title	Published	Views	Family All 198
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	15 Apr 202502:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]	28 Mar 202421:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog (CVE-2022-24903).	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities	12 Jan 202323:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by several vulnerabilities	19 Sep 202319:45	–	ibm
Tenable Nessus	Amazon Linux 2022 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2022-2022-075)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : rsyslog (ALAS2022-2022-211)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : rsyslog, rsyslog-crypto, rsyslog-elasticsearch (ALAS2023-2023-001)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : rsyslog (ALAS-2022-1803)	7 Jun 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : rsyslog (ALAS-2022-1594)	10 Jun 202200:00	–	nessus

20 Mar 2023 18:35Current

8High risk

Vulners AI Score8

CVSS 3.18.1

EPSS0.03553

rsyslog remote code execution input data validation software vulnerability heap-based buffer overflow