CVE-2013-4758

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/07/05/2
http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/	Patch
http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rsyslog:rsyslog:7.3.7:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.6:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.5:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.4:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.10:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.9:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.8:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.7:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.6:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.4.0:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.15:::::::*
	cpe:2.3:a:rsyslog:rsyslog:6.5.1:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.2:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.13:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.5:::::::*
	cpe:2.3:a:rsyslog:rsyslog::::::::
	cpe:2.3:a:rsyslog:rsyslog:6.6.0:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.12:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.6:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.1:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.14:::::::*
	cpe:2.3:a:rsyslog:rsyslog:6.4.2:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.3:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.0:::::::*
	cpe:2.3:a:rsyslog:rsyslog::devel::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.3:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.10:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.0:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.4:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.1:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.8:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.11:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.4:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.12:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.1.5:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.7:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.1:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel::::::
	cpe:2.3:a:rsyslog:rsyslog:7.1.3:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.9:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.2.2:::::::*
	cpe:2.3:a:rsyslog:rsyslog:7.3.11:::::::*

Information

Published : 2013-10-04 10:55

Updated : 2013-10-07 07:29

NVD link : CVE-2013-4758

Mitre link : CVE-2013-4758

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

rsyslog

rsyslog

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2013/07/05/2", "name": "[oss-security] 20130705 LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin", "tags": [], "refsource": "MLIST"}, {"url": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", "name": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", "name": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", "tags": ["Patch"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4758", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-10-04T17:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.4.1"}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:6.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:6.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:*:devel:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.5.1"}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rsyslog:rsyslog:7.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-10-07T14:29Z"}

6.8 /10