VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Oct 4, 2013· Updated Apr 29, 2026

CVE-2013-4758

CVE-2013-4758

Description

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

Affected products

42
  • Rsyslog/Rsyslog42 versions
    cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*+ 41 more
    • cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*range: <=7.4.1
    • cpe:2.3:a:rsyslog:rsyslog:*:devel:*:*:*:*:*:*range: <=7.5.1
    • cpe:2.3:a:rsyslog:rsyslog:6.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:6.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:6.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.