rsyslog is vulnerable to buffer overflow. The vulnerability exists because when there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum which leads to a memory corruption.

References

git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-24903

github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705

github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8

lists.debian.org/debian-lts-announce/2022/05/msg00028.html

lists.fedoraproject.org/archives/list/[email protected]/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/

security.netapp.com/advisory/ntap-20221111-0002/

www.debian.org/security/2022/dsa-5150

prion 1

almalinux 1

openvas 28

fedora 2

nessus 58

redhat 12

cve 1

osv 9

oraclelinux 4

redhatcve 1

cloudlinux 1

cvelist 1

cbl_mariner 2

gentoo 1

rosalinux 1

alpinelinux 1

ibm 5

mageia 1

broadcom 2

rocky 2

freebsd 1

redos 1

ubuntu 2

ubuntucve 1

debian 2

debiancve 1

suse 1

nvd 1

amazon 2

ics 1

oracle 1

prion

Heap overflow

2022-05-06 00:15:00

almalinux

Important: rsyslog security update

2022-05-30 07:24:07

openvas

SUSE: Security Advisory (SUSE-SU-2022:2331-1)

2022-07-08 00:00:00

Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2587)

2022-10-12 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2314-1)

2022-07-08 00:00:00

fedora

[SECURITY] Fedora 35 Update: rsyslog-8.2204.0-1.fc35

2022-05-17 01:56:45

[SECURITY] Fedora 36 Update: rsyslog-8.2204.0-1.fc36

2022-05-17 01:32:39

nessus

SUSE SLES15 Security Update : rsyslog (SUSE-SU-2022:1817-1)

2022-05-24 00:00:00

EulerOS Virtualization 2.10.1 : rsyslog (EulerOS-SA-2022-2121)

2022-07-14 00:00:00

Rocky Linux 8 : rsyslog (RLSA-2022:4799)

2022-07-08 00:00:00

redhat

(RHSA-2022:4795) Important: rsyslog security update

2022-05-30 07:22:28

(RHSA-2022:4808) Important: rsyslog and rsyslog7 security update

2022-05-31 07:57:01

(RHSA-2022:4801) Important: rsyslog security update

2022-05-30 07:24:59

cve

CVE-2022-24903

2022-05-06 00:15:07

osv

Important: rsyslog security update

2022-05-30 07:24:07

rsyslog vulnerability

2022-05-05 18:27:25

rsyslog - security update

2022-05-28 00:00:00

oraclelinux

rsyslog security update

2022-05-31 00:00:00

rsyslog security update

2022-06-30 00:00:00

rsyslog security update

2022-05-30 00:00:00

redhatcve

CVE-2022-24903

2022-05-05 13:36:34

cloudlinux

Fixed CVE-2022-24903 in rsyslog

2022-06-08 19:49:37

cvelist

CVE-2022-24903 Buffer overflow in TCP syslog server (receiver) components in rsyslog

2022-05-05 00:00:00

cbl_mariner

CVE-2022-24903 affecting package rsyslog for versions less than 8.2204.1-1

2022-06-03 17:54:05

CVE-2022-24903 affecting package rsyslog 8.37.0-6

2022-06-15 17:03:08

gentoo

rsyslog: Heap Buffer Overflow

2024-08-11 00:00:00

rosalinux

Advisory ROSA-SA-2024-2381

2024-03-26 11:41:42

alpinelinux

CVE-2022-24903

2022-05-06 00:15:07

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]

2024-03-28 21:59:28

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog (CVE-2022-24903).

2023-01-12 21:59:00

Security Bulletin: IBM Security Guardium is affected by several vulnerabilities

2023-09-19 19:45:35

mageia

Updated rsyslog packages fix security vulnerability

2022-05-08 10:58:48

broadcom

CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)

2022-11-08 00:00:00

CVE-2022-24903: A flaw in rsyslog TCP module could allows an attacker to craft a malicious message leading to a heap-based buffer overflow.

2022-11-08 00:00:00

rocky

rsyslog security update

2022-05-30 07:24:07

rsyslog security update

2022-05-30 07:22:28

freebsd

rsyslog8 -- heap buffer overflow on receiving TCP syslog

2022-05-05 00:00:00

redos

ROS-20240403-16

2024-04-03 00:00:00

ubuntu

Rsyslog vulnerability

2022-05-05 00:00:00

Rsyslog vulnerability

2022-05-24 00:00:00

ubuntucve

CVE-2022-24903

2022-05-05 00:00:00

debian

[SECURITY] [DSA 5150-1] rsyslog security update

2022-05-28 19:26:20

[SECURITY] [DLA 3016-1] rsyslog security update

2022-05-20 21:58:25

debiancve

CVE-2022-24903

2022-05-06 00:15:07

suse

Security update for rsyslog (important)

2022-05-09 00:00:00

nvd

CVE-2022-24903

2022-05-06 00:15:07

amazon

Important: rsyslog

2022-05-31 23:47:00

Important: rsyslog

2022-05-31 23:50:00

ics

Siemens RUGGEDCOM ROX

2023-07-13 12:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.191

Percentile

96.3%

JSON

Related for VERACODE:35473