FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rsyslog8 -- heap buffer overflow on receiving TCP syslog

Affected packages
rsyslog < 8.2204.1

Details

VuXML ID b9837fa1-cd72-11ec-98f1-6805ca0b3d42
Discovery 2022-05-05
Entry 2022-05-06

Rainer Gerhards reports:

Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible.

References

CVE Name CVE-2022-24903
URL https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
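
Octet-counted framing (RFC 6587) prefixes each syslog message with its decimal length and a space. The C code below is an added example, not taken from the advisory or from rsyslog, and it does not reproduce the defect itself: it shows a receiver validating that length prefix before copying into a fixed buffer. The function name and both size limits are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN_DIGITS 6     /* assumed cap on digits in the length prefix */
#define MAX_MSG_LEN    8192  /* assumed cap on a single message */

/* Parse one octet-counted frame ("<decimal length> SP <message>") from
 * in[0..in_len). Copies the message into out and NUL-terminates it.
 * Returns bytes consumed, 0 if more data is needed, -1 if rejected. */
long parse_octet_frame(const unsigned char *in, size_t in_len,
                       char *out, size_t out_cap, size_t *msg_len)
{
    size_t i = 0, len = 0;

    /* Bound the number of digits before accepting each one. */
    while (i < in_len && in[i] >= '0' && in[i] <= '9') {
        if (i >= MAX_LEN_DIGITS)
            return -1;                   /* over-long length prefix */
        len = len * 10 + (size_t)(in[i] - '0');
        i++;
    }
    if (i == in_len)
        return 0;                        /* delimiter not received yet */
    if (i == 0 || in[i] != ' ' || in[0] == '0')
        return -1;                       /* no digits, bad delimiter, leading zero */
    i++;                                 /* skip the space */
    if (len > MAX_MSG_LEN || len >= out_cap)
        return -1;                       /* reject before copying anything */
    if (in_len - i < len)
        return 0;                        /* message body incomplete */
    memcpy(out, in + i, len);
    out[len] = '\0';
    *msg_len = len;
    return (long)(i + len);
}

int main(void)
{
    const char *stream = "5 hello3 abc"; /* constructed sample: two frames */
    char out[64];
    size_t n, off = 0;
    long used;
    while ((used = parse_octet_frame((const unsigned char *)stream + off,
                                     strlen(stream) - off, out, sizeof out, &n)) > 0) {
        printf("frame of %zu bytes: %s\n", n, out);
        off += (size_t)used;
    }
    return used < 0;
}
```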