CVE-2022-24903: A flaw in rsyslog TCP module could allow an attacker to craft a malicious message leading to a heap-based buffer overflow. (BSA-2022-2127)
21215
20 March 2023
08 November 2022
CLOSED
MEDIUM
8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
No
CVE-2022-24903
Summary
Security Advisory ID: BSA-2022-2127
Component: Rsyslog
Revision: 1.0
Rsyslog is vulnerable to remote code execution (RCE) due to improper validation of input data when octet-counted framing is used. An attacker could exploit this vulnerability by supplying a system with maliciously crafted messages.
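What validating an octet-counted frame header involves, shown as an added example (not rsyslog or Brocade code): in RFC 6587 octet counting each message is prefixed by its length as decimal digits followed by a space, so a receiver has to bound both the digit run and the resulting length before using either. The function name and both limits are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed limits for this sketch, not rsyslog's own values. */
#define MAX_COUNT_DIGITS 7        /* longest length field accepted */
#define MAX_MSG_LEN      65536u   /* largest message body accepted */

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_BAD };

/* Parse "MSG-LEN SP" at the start of buf (RFC 6587 octet counting).
 * On FRAME_OK, *hdr_len is the header size and *msg_len the body size. */
enum frame_status parse_octet_count(const char *buf, size_t len,
                                    size_t *hdr_len, size_t *msg_len)
{
    size_t i = 0, count = 0;

    if (len == 0)
        return FRAME_NEED_MORE;
    if (buf[0] < '1' || buf[0] > '9')      /* must start with a non-zero digit */
        return FRAME_BAD;

    while (i < len && buf[i] >= '0' && buf[i] <= '9') {
        if (i >= MAX_COUNT_DIGITS)          /* bound the digit run itself */
            return FRAME_BAD;
        count = count * 10 + (size_t)(buf[i] - '0');
        i++;
    }
    if (i == len)                           /* delimiter not received yet */
        return FRAME_NEED_MORE;
    if (buf[i] != ' ' || count > MAX_MSG_LEN)
        return FRAME_BAD;

    *hdr_len = i + 1;
    *msg_len = count;
    return FRAME_OK;
}

int main(void)
{
    /* Constructed sample frame: length field 11, then an 11-byte body. */
    const char frame[] = "11 <13>hello x";
    size_t h = 0, m = 0;
    enum frame_status s = parse_octet_count(frame, sizeof frame - 1, &h, &m);
    printf("status=%d header=%zu body=%zu\n", s, h, m);
    return 0;
}
```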
Products Affected
Brocade SANnav - Fixed in Brocade SANnav 2.2.1
Products Under Investigation
Brocade ASC Gateway (ASC-G)
Products Confirmed Not Affected
Brocade Fabric OS
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Nov 8, 2022 |