CVE-2011-4623

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
rsyslogrsyslog
4.1.0
rsyslogrsyslog
4.1.1
rsyslogrsyslog
4.1.2
rsyslogrsyslog
4.1.3
rsyslogrsyslog
4.1.4
rsyslogrsyslog
4.1.5
rsyslogrsyslog
4.1.6
rsyslogrsyslog
4.1.7
rsyslogrsyslog
4.2.0
rsyslogrsyslog
4.3.0
rsyslogrsyslog
4.3.1
rsyslogrsyslog
4.3.2
rsyslogrsyslog
4.4.0
rsyslogrsyslog
4.4.1
rsyslogrsyslog
4.4.2
rsyslogrsyslog
4.5.0
rsyslogrsyslog
4.5.1
rsyslogrsyslog
4.5.2
rsyslogrsyslog
4.5.3
rsyslogrsyslog
4.5.4
rsyslogrsyslog
4.5.5
rsyslogrsyslog
4.5.6
rsyslogrsyslog
4.5.7
rsyslogrsyslog
4.5.8
rsyslogrsyslog
4.6.0
rsyslogrsyslog
4.6.1
rsyslogrsyslog
4.6.2
rsyslogrsyslog
4.6.3
rsyslogrsyslog
4.6.4
rsyslogrsyslog
4.6.5
rsyslogrsyslog
5.1.0
rsyslogrsyslog
5.1.1
rsyslogrsyslog
5.1.2
rsyslogrsyslog
5.1.3
rsyslogrsyslog
5.1.4
rsyslogrsyslog
5.1.5
rsyslogrsyslog
5.1.6
rsyslogrsyslog
5.2.0
rsyslogrsyslog
5.2.1
rsyslogrsyslog
5.2.2
rsyslogrsyslog
5.3.1
rsyslogrsyslog
5.3.2
rsyslogrsyslog
5.3.3
rsyslogrsyslog
5.3.4
rsyslogrsyslog
5.3.5
rsyslogrsyslog
5.3.6
rsyslogrsyslog
5.3.7
rsyslogrsyslog
5.4.0
rsyslogrsyslog
5.4.1
rsyslogrsyslog
5.4.2
rsyslogrsyslog
5.5.0
rsyslogrsyslog
5.5.1
rsyslogrsyslog
5.5.2
rsyslogrsyslog
5.5.3
rsyslogrsyslog
5.5.4
rsyslogrsyslog
5.5.5
rsyslogrsyslog
5.5.6
rsyslogrsyslog
5.5.7
rsyslogrsyslog
5.6.0
rsyslogrsyslog
5.6.1
rsyslogrsyslog
5.6.2
rsyslogrsyslog
5.6.3
rsyslogrsyslog
5.6.4
rsyslogrsyslog
5.6.5
rsyslogrsyslog
5.7.0
rsyslogrsyslog
5.7.1
rsyslogrsyslog
5.7.2
rsyslogrsyslog
5.7.3
rsyslogrsyslog
6.1.0
rsyslogrsyslog
6.1.1
rsyslogrsyslog
6.1.2
rsyslogrsyslog
6.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsyslog
bullseye (security)
8.2102.0-2+deb11u1
fixed
bullseye
8.2102.0-2+deb11u1
fixed
squeeze
no-dsa
bookworm
8.2302.0-1
fixed
sid
8.2410.0-1
fixed
trixie
8.2410.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsyslog
oneiric
not-affected
natty
Fixed 4.6.4-2ubuntu4.2
released
maverick
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://bugzilla.adiscon.com/show_bug.cgi?id=221
http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101
http://rsyslog.com/changelog-for-4-6-6-v4-stable/
http://rsyslog.com/changelog-for-5-7-4-v5-beta/
http://rsyslog.com/changelog-for-6-1-4-devel/
http://secunia.com/advisories/45848
http://secunia.com/advisories/47698
http://www.openwall.com/lists/oss-security/2011/12/22/2
http://www.securityfocus.com/bid/51171
http://www.securitytracker.com/id?1026556
http://www.ubuntu.com/usn/USN-1338-1
https://bugzilla.redhat.com/show_bug.cgi?id=769822
http://bugzilla.adiscon.com/show_bug.cgi?id=221
http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=6bad782f154b7f838c7371bf99c13f6dc4ec4101
http://rsyslog.com/changelog-for-4-6-6-v4-stable/
http://rsyslog.com/changelog-for-5-7-4-v5-beta/
http://rsyslog.com/changelog-for-6-1-4-devel/
http://secunia.com/advisories/45848
http://secunia.com/advisories/47698
http://www.openwall.com/lists/oss-security/2011/12/22/2
http://www.securityfocus.com/bid/51171
http://www.securitytracker.com/id?1026556
http://www.ubuntu.com/usn/USN-1338-1
https://bugzilla.redhat.com/show_bug.cgi?id=769822