Source: rsyslog
Version: 8.1908.0-1
Severity: normal
Tags: security upstream


The following vulnerability was published for rsyslog, filling mainly
for tracking, we marked it as no-dsa given the module is not enabled
by default and somehow exotic. But let us know please at team@s.d.o if
you disagree with the assessment and we can revert.

| An issue was discovered in Rsyslog v8.1908.0.
| contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in
| the parser for AIX log messages. The parser tries to locate a log
| message delimiter (in this case, a space or a colon) but fails to
| account for strings that do not satisfy this constraint. If the string
| does not match, then the variable lenMsg will reach the value zero and
| will skip the sanity check that detects invalid log messages. The
| message will then be considered valid, and the parser will eat up the
| nonexistent colon delimiter. In doing so, it will decrement lenMsg, a
| signed integer, whose value was zero and now becomes minus one. The
| following step in the parser is to shift left the contents of the
| message. To do this, it will call memmove with the right pointers to
| the target and destination strings, but the lenMsg will now be
| interpreted as a huge value, causing a heap overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Reply via email to