Lucene search

[email protected]CVE-2011-4623

HistorySep 25, 2012 - 11:55 p.m.

CVE-2011-4623

2012-09-2523:55:01

CWE-189

[email protected]

web.nvd.nist.gov

cve-2011-4623

integer overflow

rscstrextendbuf

rsyslog

denial of service

buffer overflow

6.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

rsyslogrsyslogMatch4.1.0

rsyslogrsyslogMatch4.1.1

rsyslogrsyslogMatch4.1.2

rsyslogrsyslogMatch4.1.3

rsyslogrsyslogMatch4.1.4

rsyslogrsyslogMatch4.1.5

rsyslogrsyslogMatch4.1.6

rsyslogrsyslogMatch4.1.7

rsyslogrsyslogMatch4.2.0

rsyslogrsyslogMatch4.3.0

rsyslogrsyslogMatch4.3.1

rsyslogrsyslogMatch4.3.2

rsyslogrsyslogMatch4.4.0

rsyslogrsyslogMatch4.4.1

rsyslogrsyslogMatch4.4.2

rsyslogrsyslogMatch4.5.0

rsyslogrsyslogMatch4.5.1

rsyslogrsyslogMatch4.5.2

rsyslogrsyslogMatch4.5.3

rsyslogrsyslogMatch4.5.4

rsyslogrsyslogMatch4.5.5

rsyslogrsyslogMatch4.5.6

rsyslogrsyslogMatch4.5.7

rsyslogrsyslogMatch4.5.8

rsyslogrsyslogMatch4.6.0

rsyslogrsyslogMatch4.6.1

rsyslogrsyslogMatch4.6.2

rsyslogrsyslogMatch4.6.3

rsyslogrsyslogMatch4.6.4

rsyslogrsyslogMatch4.6.5

Node

rsyslogrsyslogMatch5.1.0

rsyslogrsyslogMatch5.1.1

rsyslogrsyslogMatch5.1.2

rsyslogrsyslogMatch5.1.3

rsyslogrsyslogMatch5.1.4

rsyslogrsyslogMatch5.1.5

rsyslogrsyslogMatch5.1.6

rsyslogrsyslogMatch5.2.0

rsyslogrsyslogMatch5.2.1

rsyslogrsyslogMatch5.2.2

rsyslogrsyslogMatch5.3.1

rsyslogrsyslogMatch5.3.2

rsyslogrsyslogMatch5.3.3

rsyslogrsyslogMatch5.3.4

rsyslogrsyslogMatch5.3.5

rsyslogrsyslogMatch5.3.6

rsyslogrsyslogMatch5.3.7

rsyslogrsyslogMatch5.4.0

rsyslogrsyslogMatch5.4.1

rsyslogrsyslogMatch5.4.2

rsyslogrsyslogMatch5.5.0

rsyslogrsyslogMatch5.5.1

rsyslogrsyslogMatch5.5.2

rsyslogrsyslogMatch5.5.3

rsyslogrsyslogMatch5.5.4

rsyslogrsyslogMatch5.5.5

rsyslogrsyslogMatch5.5.6

rsyslogrsyslogMatch5.5.7

rsyslogrsyslogMatch5.6.0

rsyslogrsyslogMatch5.6.1

rsyslogrsyslogMatch5.6.2

rsyslogrsyslogMatch5.6.3

rsyslogrsyslogMatch5.6.4

rsyslogrsyslogMatch5.6.5

rsyslogrsyslogMatch5.7.0

rsyslogrsyslogMatch5.7.1

rsyslogrsyslogMatch5.7.2

rsyslogrsyslogMatch5.7.3

Node

rsyslogrsyslogMatch6.1.0

rsyslogrsyslogMatch6.1.1

rsyslogrsyslogMatch6.1.2

rsyslogrsyslogMatch6.1.3

CPENameOperatorVersion
rsyslog:rsyslogrsyslogeq4.1.0
rsyslog:rsyslogrsyslogeq4.1.1
rsyslog:rsyslogrsyslogeq4.1.2
rsyslog:rsyslogrsyslogeq4.1.3
rsyslog:rsyslogrsyslogeq4.1.4
rsyslog:rsyslogrsyslogeq4.1.5
rsyslog:rsyslogrsyslogeq4.1.6
rsyslog:rsyslogrsyslogeq4.1.7
rsyslog:rsyslogrsyslogeq4.2.0
rsyslog:rsyslogrsyslogeq4.3.0

CPE	Name	Operator	Version
rsyslog:rsyslog	rsyslog	eq	4.1.0
rsyslog:rsyslog	rsyslog	eq	4.1.1
rsyslog:rsyslog	rsyslog	eq	4.1.2
rsyslog:rsyslog	rsyslog	eq	4.1.3
rsyslog:rsyslog	rsyslog	eq	4.1.4
rsyslog:rsyslog	rsyslog	eq	4.1.5
rsyslog:rsyslog	rsyslog	eq	4.1.6
rsyslog:rsyslog	rsyslog	eq	4.1.7
rsyslog:rsyslog	rsyslog	eq	4.2.0
rsyslog:rsyslog	rsyslog	eq	4.3.0