Source: rsyslog
Version: 8.1908.0-1
Severity: normal
Tags: security upstream


The following vulnerability was published for rsyslog, filling this
for tracking mainly.

| An issue was discovered in Rsyslog v8.1908.0.
| contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser
| for Cisco log messages. The parser tries to locate a log message
| delimiter (in this case, a space or a colon), but fails to account for
| strings that do not satisfy this constraint. If the string does not
| match, then the variable lenMsg will reach the value zero and will
| skip the sanity check that detects invalid log messages. The message
| will then be considered valid, and the parser will eat up the
| nonexistent colon delimiter. In doing so, it will decrement lenMsg, a
| signed integer, whose value was zero and now becomes minus one. The
| following step in the parser is to shift left the contents of the
| message. To do this, it will call memmove with the right pointers to
| the target and destination strings, but the lenMsg will now be
| interpreted as a huge value, causing a heap overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Reply via email to