CVE-2022-24903

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-24903
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-05-06 00:15:00 UTC
Updated2023-11-07 03:44:00 UTC
DescriptionRsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

Risk And Classification

Problem Types: CWE-1284

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 11.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 35 All All All
Application Netapp Active Iq Unified Manager - All All All
Application Rsyslog Rsyslog All All All All

References

ReferenceSourceLinkTags
[SECURITY] [DLA 3016-1] rsyslog security update MLIST lists.debian.org
[SECURITY] Fedora 35 Update: rsyslog-8.2204.0-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Merge pull request from GHSA-ggw7-xr6h-mmr8 · rsyslog/rsyslog@f211042 · GitHub MISC github.com
[SECURITY] Fedora 35 Update: rsyslog-8.2204.0-1.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Debian -- Security Information -- DSA-5150-1 rsyslog DEBIAN www.debian.org
CVE-2022-24903 Rsyslog Vulnerability in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Potential heap buffer overflow in TCP syslog server (receiver) components · Advisory · rsyslog/rsyslog · GitHub CONFIRM github.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159867 Oracle Enterprise Linux Security Update for rsyslog (ELSA-2022-4799)
  • 159870 Oracle Enterprise Linux Security Update for rsyslog (ELSA-2022-4803)
  • 159937 Oracle Enterprise Linux Security Update for rsyslog (ELSA-2022-4795)
  • 160090 Oracle Enterprise Linux Security Update for rsyslog rsyslog7 (ELSA-2022-9783)
  • 179302 Debian Security Update for rsyslog (DLA 3016-1)
  • 179327 Debian Security Update for rsyslog (DSA 5150-1)
  • 182202 Debian Security Update for rsyslog (CVE-2022-24903)
  • 198776 Ubuntu Security Notification for Rsyslog Vulnerability (USN-5404-1)
  • 240377 Red Hat Update for rsyslog (RHSA-2022:4800)
  • 240378 Red Hat Update for rsyslog (RHSA-2022:4802)
  • 240379 Red Hat Update for rsyslog (RHSA-2022:4803)
  • 240380 Red Hat Update for rsyslog (RHSA-2022:4799)
  • 240381 Red Hat Update for rsyslog (RHSA-2022:4795)
  • 282693 Fedora Security Update for rsyslog (FEDORA-2022-f796a28a7b)
  • 353948 Amazon Linux Security Advisory for rsyslog : ALAS2-2022-1803
  • 353957 Amazon Linux Security Advisory for rsyslog : ALAS-2022-1594
  • 354429 Amazon Linux Security Advisory for rsyslog : ALAS2022-2022-075
  • 354517 Amazon Linux Security Advisory for rsyslog : ALAS2022-2022-211
  • 354539 Amazon Linux Security Advisory for rsyslog : ALAS-2022-211
  • 354633 Amazon Linux Security Advisory for rsyslog : AL2012-2022-365
  • 355272 Amazon Linux Security Advisory for rsyslog : ALAS2023-2023-001
  • 376897 Alibaba Cloud Linux Security Update for rsyslog (ALINUX3-SA-2022:0137)
  • 376995 Alibaba Cloud Linux Security Update for rsyslog (ALINUX2-SA-2022:0024)
  • 390277 Oracle Managed Virtualization (VM) Server for x86 Security Update for rsyslog (OVMSA-2023-0010)
  • 500607 Alpine Linux Security Update for rsyslog
  • 501489 Alpine Linux Security Update for rsyslog
  • 502022 Alpine Linux Security Update for rsyslog
  • 502235 Alpine Linux Security Update for rsyslog
  • 504367 Alpine Linux Security Update for rsyslog
  • 671863 EulerOS Security Update for rsyslog (EulerOS-SA-2022-1914)
  • 671888 EulerOS Security Update for rsyslog (EulerOS-SA-2022-1950)
  • 671947 EulerOS Security Update for rsyslog (EulerOS-SA-2022-2009)
  • 671956 EulerOS Security Update for rsyslog (EulerOS-SA-2022-1979)
  • 671974 EulerOS Security Update for rsyslog (EulerOS-SA-2022-2170)
  • 671991 EulerOS Security Update for rsyslog (EulerOS-SA-2022-2145)
  • 672217 EulerOS Security Update for rsyslog (EulerOS-SA-2022-2633)
  • 690865 Free Berkeley Software Distribution (FreeBSD) Security Update for rsyslog8 (b9837fa1-cd72-11ec-98f1-6805ca0b3d42)
  • 752112 SUSE Enterprise Linux Security Update for rsyslog (SUSE-SU-2022:1583-1)
  • 752163 SUSE Enterprise Linux Security Update for rsyslog (SUSE-SU-2022:1817-1)
  • 752319 SUSE Enterprise Linux Security Update for rsyslog (SUSE-SU-2022:2314-1)
  • 752322 SUSE Enterprise Linux Security Update for rsyslog (SUSE-SU-2022:2331-1)
  • 901581 Common Base Linux Mariner (CBL-Mariner) Security Update for rsyslog (9739)
  • 901856 Common Base Linux Mariner (CBL-Mariner) Security Update for rsyslog (9736)
  • 902057 Common Base Linux Mariner (CBL-Mariner) Security Update for rsyslog (9736-1)
  • 902213 Common Base Linux Mariner (CBL-Mariner) Security Update for rsyslog (9739-1)
  • 940586 AlmaLinux Security Update for rsyslog (ALSA-2022:4799)
  • 960142 Rocky Linux Security Update for rsyslog (RLSA-2022:4799)
  • 960632 Rocky Linux Security Update for rsyslog (RLSA-2022:4795)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report