rsyslog librelp version 1.2.14 and earlier contains a...
Critical severity
Unreviewed
Published May 13, 2022 to the GitHub Advisory Database • Updated Jun 12, 2023
Description
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

Published by the National Vulnerability Database: Mar 23, 2018
Published to the GitHub Advisory Database: May 13, 2022
Last updated: Jun 12, 2023