PT-2018-1196 · Rsyslog+5 · Librelp+5

Bas Van Schaik

Published

2018-03-19

Updated

2023-06-12

CVE-2018-1000140

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions librelp versions 1.2.14 and earlier

Description The issue is related to a Buffer Overflow vulnerability in the checking of x509 certificates from a peer, which can result in Remote code execution. This can be exploited by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. The vulnerability is associated with the snprintf() function of the RELP library, which can cause a buffer overflow in memory when processing x509 certificates, allowing a remote attacker to execute arbitrary code.

Recommendations For librelp versions 1.2.14 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Stack Overflow

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-119CWE-787

Related Identifiers

ALT-PU-2018-1561

BDU:2018-00654

CESA-2018_1223

CESA-2018_1225

CVE-2018-1000140

DSA-4151-1

MGASA-2018-0251

OPENSUSE-SU-2018_0829-1

OPENSUSE-SU-2024:10982-1

RHSA-2018:1223

RHSA-2018:1225

RHSA-2018:1701

RHSA-2018:1702

RHSA-2018:1703

RHSA-2018:1704

RHSA-2018:1707

RHSA-2018_1223

RHSA-2018_1225

SUSE-SU-2018:0822-1

SUSE-SU-2018:0828-1

SUSE-SU-2018_0822-1

SUSE-SU-2018_0828-1

SUSE-SU-2022:1891-1

SUSE-SU-2022_1891-1

USN-3612-1

USN-4828-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Librelp

PT-2018-1196 · Rsyslog+5 · Librelp+5

CVE-2018-1000140

Weakness Enumeration

Related Identifiers

Affected Products

References · 70