cbcvebase.
CVE-2018-1000140
published 2018-03-23

CVE-2018-1000140: rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

Affected

30 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianlibrelp< librelp 1.2.15-1 (bookworm)librelp 1.2.15-1 (bookworm)
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_server
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus
redhatenterprise_linux_server_tus
redhatenterprise_linux_workstation
redhatenterprise_linux_workstation

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL