Rgerhards

**Name of the Vulnerable Software and Affected Versions** rsyslog versions prior to 5.7.6 **Description** A memory leak was found in the way the rsyslog daemon processes log messages when $RepeatedMsgReduction is enabled. This issue could be exploited by a local attacker to cause a denial of the rsyslogd daemon service by crashing it via a sequence of repeated log messages sent within short periods of time. **Recommendations** For versions prior to 5.7.6, update to version 5.7.6 or later to resolve the issue. As a temporary workaround, consider disabling the $RepeatedMsgReduction feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** rsyslog versions prior to 5.7.6 **Description** A memory leak was found in the way the rsyslog daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. **Recommendations** For versions prior to 5.7.6, update to version 5.7.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of multiple rulesets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** rsyslog versions prior to 5.7.6 **Description** A memory leak was found in the way the rsyslog daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. This could allow a local attacker to cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. **Recommendations** For versions prior to 5.7.6, update to version 5.7.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of multiple rulesets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rsyslog version 8.1908.0 **Description** An issue was discovered in the parser for Cisco log messages in the contrib/pmcisconames/pmcisconames.c file. The parser fails to account for strings that do not satisfy the constraint of having a log message delimiter, such as a space or a colon. This can cause the variable `lenMsg` to reach zero, skip the sanity check, and consider the message valid. As a result, the parser will attempt to shift left the contents of the message, calling `memmove` with the right pointers, but the `lenMsg` will be interpreted as a huge value, causing a heap overflow. This can allow a remote attacker to access confidential data, disrupt its integrity, and cause a denial of service. **Recommendations** For Rsyslog version 8.1908.0, consider disabling the `pmcisconames` module or restricting its use until a patch is available to prevent exploitation of the heap overflow vulnerability in the parser for Cisco log messages.