CVE-2022-24903Classic Buffer Overflow in Rsyslog

CWE-120Classic Buffer OverflowCWE-1284Improper Validation of Specified Quantity in InputCWE-787Out-of-bounds Write10 documents9 sources
Severity
8.1HIGHNVD
EPSS
0.5%
top 33.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
RsyslogDebian LinuxFedoraproject Fedora
Timeline
PublishedMay 6
Latest updateJul 13

Description

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buf

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

CVEListV5rsyslog/rsyslog< 8.2204.1
NVDrsyslog/rsyslog< 8.2204.1
Debianrsyslog/rsyslog< 8.2102.0-2+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 35

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
CVE-2022-24903: Rsyslog is a rocket-fast system for log processing2022-05-06
CVEList
Buffer overflow in TCP syslog server (receiver) components in rsyslog2022-05-05

📋Vendor Advisories

7
CISA ICS
​Siemens RUGGEDCOM ROX2023-07-13
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Multiple) — CVE-2022-249032023-01-15
Ubuntu
Rsyslog vulnerability2022-05-24
Microsoft
Buffer overflow in TCP syslog server (receiver) components in rsyslog2022-05-10
Ubuntu
Rsyslog vulnerability2022-05-05