CVE-2018-1000140
Description
rsyslog librelp version 1.2.14 and earlier contains a buffer overflow vulnerability in the checking of x509 certificates from a peer that can result in remote code execution. This attack appears to be exploitable by a remote attacker who can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
27.155
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Reliable Event Logging Protocol (RELP) library (USN-3612-1) librelp0_1.2.2-2ubuntu1.1_i386.deb | Linux |
| Reliable Event Logging Protocol (RELP) library (USN-3612-1) librelp0_1.2.2-2ubuntu1.1_amd64.deb | Linux |
| Librelp security update (CESA-2018:1225) librelp-1.2.7-3.el6_9.1.i686.rpm | Linux |
| Librelp security update (CESA-2018:1225) librelp-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| Librelp security update (CESA-2018:1225) librelp-devel-1.2.7-3.el6_9.1.i686.rpm | Linux |
| Librelp security update (CESA-2018:1225) librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| (RHSA-2018:1223) Critical: librelp security update librelp-1.2.12-1.el7_5.1.i686.rpm | Linux |
| (RHSA-2018:1223) Critical: librelp security update librelp-1.2.12-1.el7_5.1.x86_64.rpm | Linux |
| (RHSA-2018:1223) Critical: librelp security update librelp-devel-1.2.12-1.el7_5.1.i686.rpm | Linux |
| (RHSA-2018:1223) Critical: librelp security update librelp-devel-1.2.12-1.el7_5.1.x86_64.rpm | Linux |
| (RHSA-2018:1225) Critical: librelp security update librelp-1.2.7-3.el6_9.1.i686.rpm | Linux |
| (RHSA-2018:1225) Critical: librelp security update librelp-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| (RHSA-2018:1225) Critical: librelp security update librelp-devel-1.2.7-3.el6_9.1.i686.rpm | Linux |
| (RHSA-2018:1225) Critical: librelp security update librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| (RHSA-2018:1703) Critical: librelp security update librelp-1.2.0-4.el7_2.i686.rpm | Linux |
| (RHSA-2018:1703) Critical: librelp security update librelp-1.2.0-4.el7_2.x86_64.rpm | Linux |
| (RHSA-2018:1703) Critical: librelp security update librelp-devel-1.2.0-4.el7_2.i686.rpm | Linux |
| (RHSA-2018:1703) Critical: librelp security update librelp-devel-1.2.0-4.el7_2.x86_64.rpm | Linux |
| (RHSA-2018:1704) Critical: librelp security update librelp-1.2.12-1.el7_4.1.i686.rpm | Linux |
| (RHSA-2018:1704) Critical: librelp security update librelp-1.2.12-1.el7_4.1.x86_64.rpm | Linux |
| (RHSA-2018:1704) Critical: librelp security update librelp-devel-1.2.12-1.el7_4.1.i686.rpm | Linux |
| (RHSA-2018:1704) Critical: librelp security update librelp-devel-1.2.12-1.el7_4.1.x86_64.rpm | Linux |
| (RHSA-2018:1707) Critical: librelp security update librelp-1.2.0-4.el7_3.i686.rpm | Linux |
| (RHSA-2018:1707) Critical: librelp security update librelp-1.2.0-4.el7_3.x86_64.rpm | Linux |
| (RHSA-2018:1707) Critical: librelp security update librelp-devel-1.2.0-4.el7_3.i686.rpm | Linux |
| (RHSA-2018:1707) Critical: librelp security update librelp-devel-1.2.0-4.el7_3.x86_64.rpm | Linux |
| SUSE-SU-2018:0822-1 (SUSE Linux Enterprise Server 12-SP3) librelp-debugsource-1.2.12-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0822-1 (SUSE Linux Enterprise Server 12-SP3) librelp0-1.2.12-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0822-1 (SUSE Linux Enterprise Server 12-SP3) librelp0-debuginfo-1.2.12-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0828-1 (SUSE Linux Enterprise Server 12-SP2) librelp-debugsource-1.2.7-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0828-1 (SUSE Linux Enterprise Server 12-SP2) librelp0-1.2.7-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0828-1 (SUSE Linux Enterprise Server 12-SP2) librelp0-debuginfo-1.2.7-3.3.1.x86_64.rpm | Linux |
| Librelp update (ELSA-2018-1225) librelp-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| Librelp-devel update (ELSA-2018-1225) librelp-devel-1.2.7-3.el6_9.1.x86_64.rpm | Linux |
| Librelp update (ELSA-2018-1225) librelp-1.2.7-3.el6_9.1.i686.rpm | Linux |
| Librelp-devel update (ELSA-2018-1225) librelp-devel-1.2.7-3.el6_9.1.i686.rpm | Linux |
| SUSE-SU-2022:1891-1 (SUSE Linux Enterprise Server 12-SP5) librelp-debugsource-1.2.15-3.6.3.x86_64.rpm | Linux |
| SUSE-SU-2022:1891-1 (SUSE Linux Enterprise Server 12-SP5) librelp0-1.2.15-3.6.3.x86_64.rpm | Linux |
| SUSE-SU-2022:1891-1 (SUSE Linux Enterprise Server 12-SP5) librelp0-debuginfo-1.2.15-3.6.3.x86_64.rpm | Linux |
| (RHSA-2018:1223) Critical: security update librelp-debuginfo-1.2.12-1.el7_5.1.i686.rpm | Linux |
| (RHSA-2018:1223) Critical: security update librelp-debuginfo-1.2.12-1.el7_5.1.x86_64.rpm | Linux |
| librelp Security Update (ALAS-2018-998) librelp-1.2.12-1.amzn2.0.1.x86_64.rpm | Linux |
| librelp Security Update (ALAS-2018-998) librelp-devel-1.2.12-1.amzn2.0.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234