Source: rsyslog Version: 8.1908.0-1 Severity: normal Tags: security upstream Forwarded: https://github.com/rsyslog/rsyslog/pull/3884
Hi, The following vulnerability was published for rsyslog, filling mainly for tracking, we marked it as no-dsa given the module is not enabled by default and somehow exotic. But let us know please at team@s.d.o if you disagree with the assessment and we can revert. CVE-2019-17041[0]: | An issue was discovered in Rsyslog v8.1908.0. | contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in | the parser for AIX log messages. The parser tries to locate a log | message delimiter (in this case, a space or a colon) but fails to | account for strings that do not satisfy this constraint. If the string | does not match, then the variable lenMsg will reach the value zero and | will skip the sanity check that detects invalid log messages. The | message will then be considered valid, and the parser will eat up the | nonexistent colon delimiter. In doing so, it will decrement lenMsg, a | signed integer, whose value was zero and now becomes minus one. The | following step in the parser is to shift left the contents of the | message. To do this, it will call memmove with the right pointers to | the target and destination strings, but the lenMsg will now be | interpreted as a huge value, causing a heap overflow. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-17041 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17041 [1] https://github.com/rsyslog/rsyslog/pull/3884 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
