CVE-2020-8443

Name of the Vulnerable Software and Affected Versions OSSEC-HIDS versions 2.7 through 3.5.0

Description The server component responsible for log analysis, ossec-analysisd, is susceptible to an off-by-one heap-based buffer overflow. This occurs during the cleaning of crafted syslog messages received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted.

Recommendations For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the ossec-analysisd component temporarily until a patch is available to prevent potential exploitation of the buffer overflow vulnerability. Restrict access to the analysisd processing queue to minimize the risk of exploitation. Avoid using crafted syslog messages in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.