Bug 2081353 (CVE-2022-24903) - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
Summary: CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-24903
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 2081091 (view as bug list)
Depends On: 2081393 2081394 2081395 2081396 2081397 2081398 2081399 2081400 2081401 2081402 2081403 2081673 2082302 2082616 2083004 2083005
Blocks: 2081071
TreeView+ depends on / blocked
 
Reported: 2022-05-03 13:50 UTC by Marco Benatto
Modified: 2022-11-29 11:27 UTC (History)
16 users (show)

Fixed In Version: rsyslog-8.2204.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code execution.
Clone Of:
Environment:
Last Closed: 2022-11-29 11:27:28 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:4811 0 None None None 2022-05-31 08:53:33 UTC
Red Hat Product Errata RHBA-2022:4841 0 None None None 2022-05-31 12:24:38 UTC
Red Hat Product Errata RHSA-2022:4795 0 None None None 2022-05-30 09:02:10 UTC
Red Hat Product Errata RHSA-2022:4799 0 None None None 2022-05-30 12:11:14 UTC
Red Hat Product Errata RHSA-2022:4800 0 None None None 2022-05-30 11:13:04 UTC
Red Hat Product Errata RHSA-2022:4801 0 None None None 2022-05-30 07:50:03 UTC
Red Hat Product Errata RHSA-2022:4802 0 None None None 2022-05-30 11:14:50 UTC
Red Hat Product Errata RHSA-2022:4803 0 None None None 2022-05-30 09:38:58 UTC
Red Hat Product Errata RHSA-2022:4808 0 None None None 2022-05-31 08:17:14 UTC
Red Hat Product Errata RHSA-2022:4896 0 None None None 2022-06-03 13:48:54 UTC
Red Hat Product Errata RHSA-2022:5439 0 None None None 2022-06-30 07:31:52 UTC

Description Marco Benatto 2022-05-03 13:50:31 UTC 
Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values leading for data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible.
Comment 6 Marco Benatto 2022-05-05 18:30:38 UTC 
Created rsyslog tracking bugs for this issue:

Affects: fedora-all [bug 2082302]
Comment 9 Marian Rehak 2022-05-09 09:26:38 UTC 
*** Bug 2081091 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2022-05-30 07:50:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:4801 https://access.redhat.com/errata/RHSA-2022:4801
Comment 13 errata-xmlrpc 2022-05-30 09:02:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4795 https://access.redhat.com/errata/RHSA-2022:4795
Comment 14 errata-xmlrpc 2022-05-30 09:38:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:4803 https://access.redhat.com/errata/RHSA-2022:4803
Comment 15 errata-xmlrpc 2022-05-30 11:13:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:4800 https://access.redhat.com/errata/RHSA-2022:4800
Comment 16 errata-xmlrpc 2022-05-30 11:14:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4802 https://access.redhat.com/errata/RHSA-2022:4802
Comment 17 errata-xmlrpc 2022-05-30 12:11:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:4799 https://access.redhat.com/errata/RHSA-2022:4799
Comment 18 errata-xmlrpc 2022-05-31 08:17:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:4808 https://access.redhat.com/errata/RHSA-2022:4808
Comment 19 Yannick Bergeron 2022-06-02 12:20:37 UTC 
I believe this errata has an error in its package name: https://access.redhat.com/errata/RHSA-2022:4799

It mentions:
x86_64
rsyslog-8.2102.0-7.el8_6.1.x86_64.rpm

However, on my system after the update, I see:
rsyslog-8.2102.0-7.el8.x86_64

the "_6.1" is not there. Therefore, it results in false positive in security tools such as Tenable Nessus as they are expecting rsyslog-8.2102.0-7.el8_6.1 instead of rsyslog-8.2102.0-7.el8.x86_64

Could the errata be updated?
Comment 20 errata-xmlrpc 2022-06-03 13:48:51 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
Comment 21 errata-xmlrpc 2022-06-30 07:31:48 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
Comment 22 Product Security DevOps Team 2022-11-29 11:27:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24903
Note You need to log in before you can comment on or make changes to this bug.