CVE Vulnerabilities

CVE-2011-4623

Published: Sep 25, 2012 | Modified: Feb 13, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 2.1 LOW (AV:L/AC:L/Au:N/C:N/I:N/A:P)

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Affected Software

Name     Vendor   Start Version  End Version
Rsyslog  Rsyslog  4.5.6          4.5.6
Rsyslog  Rsyslog  4.1.2          4.1.2
Rsyslog  Rsyslog  4.5.1          4.5.1
Rsyslog  Rsyslog  4.6.3          4.6.3
Rsyslog  Rsyslog  4.5.2          4.5.2
Rsyslog  Rsyslog  4.1.1          4.1.1
Rsyslog  Rsyslog  4.4.2          4.4.2
Rsyslog  Rsyslog  4.6.4          4.6.4
Rsyslog  Rsyslog  4.5.4          4.5.4
Rsyslog  Rsyslog  4.3.2          4.3.2
Rsyslog  Rsyslog  4.1.3          4.1.3
Rsyslog  Rsyslog  4.5.3          4.5.3
Rsyslog  Rsyslog  4.6.1          4.6.1
Rsyslog  Rsyslog  4.1.0          4.1.0
Rsyslog  Rsyslog  4.5.8          4.5.8
Rsyslog  Rsyslog  4.1.5          4.1.5
Rsyslog  Rsyslog  4.3.0          4.3.0
Rsyslog  Rsyslog  4.6.2          4.6.2
Rsyslog  Rsyslog  4.5.5          4.5.5
Rsyslog  Rsyslog  4.4.0          4.4.0
Rsyslog  Rsyslog  4.6.0          4.6.0
Rsyslog  Rsyslog  4.5.0          4.5.0
Rsyslog  Rsyslog  4.1.7          4.1.7
Rsyslog  Rsyslog  4.2.0          4.2.0
Rsyslog  Rsyslog  4.4.1          4.4.1
Rsyslog  Rsyslog  4.3.1          4.3.1
Rsyslog  Rsyslog  4.6.5          4.6.5
Rsyslog  Rsyslog  4.1.6          4.1.6
Rsyslog  Rsyslog  4.1.4          4.1.4
Rsyslog  Rsyslog  4.5.7          4.5.7

References