CVE-2019-17041

Name of the Vulnerable Software and Affected Versions Rsyslog version 8.1908.0

Description The issue is related to a heap overflow in the parser for AIX log messages in Rsyslog. This occurs when the parser fails to account for strings that do not satisfy the constraint of having a log message delimiter, such as a space or a colon. As a result, the variable lenMsg reaches zero, skips the sanity check for invalid log messages, and is then decremented to minus one. This causes the parser to interpret lenMsg as a huge value when calling memmove, leading to a heap overflow. The exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Rsyslog version 8.1908.0, consider disabling the pmaixforwardedfrom module until a patch is available to prevent the heap overflow in the AIX log message parser. Restrict access to the contrib/pmaixforwardedfrom/pmaixforwardedfrom.c component to minimize the risk of exploitation. Avoid using the lenMsg variable in the affected parser until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.