A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881 | Issue Tracking Mitigation Patch Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2110 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2439 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:2437 | Third Party Advisory |
https://access.redhat.com/errata/RHBA-2019:2501 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Information
Published : 2019-01-25 10:29
Updated : 2022-10-06 09:13
NVD link : CVE-2018-16881
Mitre link : CVE-2018-16881
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_for_power_little_endian
- enterprise_linux
- enterprise_linux_workstation
- enterprise_linux_for_scientific_computing
- virtualization_manager
- enterprise_linux_for_ibm_z_systems
- virtualization
- enterprise_linux_for_power_big_endian
- virtualization_host
- enterprise_linux_server
rsyslog
- rsyslog
debian
- debian_linux