Source: rsyslog Version: 8.1908.0-1 Severity: normal Tags: security upstream Forwarded: https://github.com/rsyslog/rsyslog/pull/3883
Hi, The following vulnerability was published for rsyslog, filling this for tracking mainly. CVE-2019-17042[0]: | An issue was discovered in Rsyslog v8.1908.0. | contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser | for Cisco log messages. The parser tries to locate a log message | delimiter (in this case, a space or a colon), but fails to account for | strings that do not satisfy this constraint. If the string does not | match, then the variable lenMsg will reach the value zero and will | skip the sanity check that detects invalid log messages. The message | will then be considered valid, and the parser will eat up the | nonexistent colon delimiter. In doing so, it will decrement lenMsg, a | signed integer, whose value was zero and now becomes minus one. The | following step in the parser is to shift left the contents of the | message. To do this, it will call memmove with the right pointers to | the target and destination strings, but the lenMsg will now be | interpreted as a huge value, causing a heap overflow. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-17042 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17042 [1] https://github.com/rsyslog/rsyslog/pull/3883 Please adjust the affected versions in the BTS as needed. Regards, Salvatore