GHSA-445C-VH5M-36RJ Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:...

CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

UBUNTU-CVE-2026-34478

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

CVE-2026-34478 Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

PT-2026-31940

Name of the Vulnerable Software and Affected Versions Apache Log4j Core versions 2.21.0 through 2.25.3 Description The Rfc5424Layout component is susceptible to log injection via CRLF Carriage Return Line Feed sequences. This occurs because security-relevant configuration attributes were renamed...

SUSE: Security Advisory (SUSE-SU-2019:0209-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (Dos)

rsyslog is vulnerable to denial of service. An integer overflow when octet-counted TCP framing is enabled allows an attacker is able to send a malicious message to the imptcp socket to crash rsyslog...

openSUSE Security Update : rsyslog (openSUSE-2019-154)

This update for rsyslog fixes the following issues : Security issue fixed : - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled bsc1123164. This update was imported from the SUSE:SLE-12-SP3:Update update project. %NASLMINLEVEL 70300 C...

SUSE SLED12 / SLES12 Security Update : rsyslog (SUSE-SU-2019:0209-1)

This update for rsyslog fixes the following issues : Security issue fixed : CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled bsc1123164. Note that Tenable Network Security has extracted the preceding description block directly from the...

SUSE-SU-2019:0209-1 Security update for rsyslog

This update for rsyslog fixes the following issues: Security issue fixed: - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled bsc1123164...