[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2018-1000140 - rsyslog librelp X.509 parsing issue
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2018-03-23 18:44:09
Message-ID: CANO=Ty2wT7aX4fi5TAsE0sSkN+4ysqZkdzAjUtDF4tHchK08UQ () mail ! gmail ! com
[Download RAW message or body]


This was embargoed but then it got sent to the PUBLIC cve request page, so
the cat is out of the bag as it were, so notifying oss-sec.


{"data_version":"4.0","references":{"reference_data":[{"url":"
https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205
 "},{"url":"https://lgtm.com/rules/1505913226124/"}]},"description":{"description_data":[{"lang":"eng","value":"rsyslog
 librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability
in the checking of x509 certificates from a peer that can result in Remote
code execution. This attack appear to be exploitable a remote attacker that
can connect to rsyslog and trigger a stack buffer overflow by sending a
specially crafted x509
certificate."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"1.2.14
 and
earlier"}]},"product_name":"librelp"}]},"vendor_name":"rsyslog"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"3/20/2018
 10:38:48","ID":"CVE-2018-1000140","ASSIGNER":"kurt@seifried.org
","REQUESTER":"kev@semmle.com"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Buffer
 Overflow"}]}]}}

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com



[prev in list] [next in list] [prev in thread] [next in thread]