Metric | Value |
---|---|
CVSS2 score | 2.1 Low |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:L/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.0004 Low |
EPSS Percentile | 5.1% |

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in
the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x
before 6.1.4 allows local users to cause a denial of service (daemon hang)
via a large file, which triggers a heap-based buffer overflow.

Author | Note |
---|---|
tyhicks | The imfile module is built in Lucid and newer, but is not loaded in the default rsyslog config file. |
jdstrand | introduced with d2d54013aebb756169182ed8716b142d27134a70 (part of 4.5.0) |