PT-2019-5762 · Rsyslog+5
Rgerhards · Published 2019-09-30 · Updated 2022-05-12 · CVE-2019-17042
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rsyslog version 8.1908.0
Description
An issue was discovered in the parser for Cisco log messages in the contrib/pmcisconames/pmcisconames.c file. The parser fails to account for strings that contain no log message delimiter, such as a space or a colon. This can cause the variable lenMsg to reach zero and skip the sanity check, so the message is considered valid. As a result, the parser attempts to shift the contents of the message left by calling memmove with the right pointers, but lenMsg is interpreted as a huge value, causing a heap overflow. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For Rsyslog version 8.1908.0, consider disabling the pmcisconames module or restricting its use until a patch is available, to prevent exploitation of the heap overflow vulnerability in the parser for Cisco log messages.
Fix
RCE
Buffer Overflow
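The length handling in the Description, as an added C example that is not rsyslog's source: it models how a signed lenMsg that runs out before a delimiter becomes a huge size_t, next to a checked form that rejects such a message. The function names, the decrement used to model consuming the delimiter, and the sample input are assumptions made for illustration; no memmove is performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT rsyslog's source; names and input are constructed. */

/* Scan for the delimiter (space or colon). Returns the bytes left at the
 * stopping point; 0 means the message ended before any delimiter. */
static int scan_to_delim(const char *p, int lenMsg)
{
    while (lenMsg > 0 && *p != ' ' && *p != ':') {
        ++p;
        --lenMsg;
    }
    return lenMsg;
}

/* Length memmove() would receive when the delimiter is consumed without
 * checking that one was found (assumed step: a decrement of lenMsg). */
size_t unchecked_shift_len(const char *msg, int lenMsg)
{
    int left = scan_to_delim(msg, lenMsg);
    --left;               /* consume the delimiter, even if absent */
    return (size_t)left;  /* -1 converts to the largest size_t value */
}

/* Hardened form: reject the message when no delimiter remains, so the
 * length can never go negative. Returns 0 and sets *shift_len to the
 * byte count after the delimiter, or returns -1 on rejection. */
int checked_shift_len(const char *msg, int lenMsg, size_t *shift_len)
{
    int left;
    if (msg == NULL || shift_len == NULL || lenMsg <= 0)
        return -1;
    left = scan_to_delim(msg, lenMsg);
    if (left <= 0)        /* no delimiter: not a valid message */
        return -1;
    *shift_len = (size_t)(left - 1);
    return 0;
}

int main(void)
{
    const char bad[] = "nodelimiterhere";  /* constructed input */
    size_t n = 0;
    printf("unchecked: %zu\n", unchecked_shift_len(bad, (int)strlen(bad)));
    printf("checked:   %d\n", checked_shift_len(bad, (int)strlen(bad), &n));
    return 0;
}
```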
Related Identifiers
Affected Products
Astra Linux
Centos
Red Hat
Rsyslog
Suse
Ubuntu