QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000140

Published: Mar 23, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

vendor-advisory

https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

https://lgtm.com/rules/1505913226124/

vendor-advisory

vendor-advisory

vendor-advisory

http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.