CVE-2011-4623
Public on 2012-07-06
Modified on 2014-09-14
Description
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | rsyslog | 2012-07-06 | ALAS-2012-105 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 5.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P |