13 matches found
Oracle Linux 8 : rsyslog (ELSA-2020-1702)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1702 advisory. 8.1911.0-3 RHEL 8.2.0 ERRATUM - added patch reverting rejecting expired certs by default resolves: rhbz1782353 - added patch silencing false errors on...
Debian DLA-2835-1 : rsyslog - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2835 advisory. Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041 Heap overflow in the AIX message parser. CVE-2019-17042 Heap overflow in the Cisco log...
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...
rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2019-2302)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...
CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter in this case, a space or a colon but fails to account for strings that do not satisfy this...
CVE-2019-17041
CVE-2019-17041 affects rsyslog. Connected sources confirm a heap overflow in the AIX log-message parser (contrib/pmaixforwardedfrom/pmaixforwardedfrom.c). The overflow occurs when lenMsg underflows after parsing a delimiter, leading to a heap overflow via memmove. Public notes corroborate a fixed...
Design/Logic Flaw
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...
CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...
CVE-2019-17040
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled...