rpm package
opensuse/rsyslog&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rsyslog&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24903 | — | | | < 8.2204.1-1.1 | 8.2204.1-1.1 | May 5, 2022 | Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for |
| CVE-2015-3243 | Med | 5.5 | | < 8.2106.0-1.2 | 8.2106.0-1.2 | Jul 25, 2017 | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. |
| CVE-2014-3683 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Nov 2, 2014 | Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. |
| CVE-2014-3634 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Nov 2, 2014 | rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. |
| CVE-2013-6371 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Apr 22, 2014 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. |
| CVE-2013-6370 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Apr 22, 2014 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2013-4758 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Oct 4, 2013 | Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitra |
| CVE-2011-3200 | — | | | < 8.23.0-2.1 | 8.23.0-2.1 | Sep 6, 2011 | Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message. |