CVE-2018-16881 - Vulnerability Details

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux For Ibm Z Systems Enterprise Linux For Power Big Endian Enterprise Linux For Power Little Endian Enterprise Linux For Scientific Computing Enterprise Linux Server Enterprise Linux Workstation Rhev Manager Virtualization Virtualization Host Virtualization Manager
Rsyslog	Rsyslog

Configuration 1 [-]

cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
rsyslog-0:8.24.0-38.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:2110	2019-08-06T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
rsyslog-0:8.24.0-41.el7_7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHBA-2019:2501	2019-08-15T00:00:00Z
imgbased-0:1.1.9-0.1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2437	2019-08-12T00:00:00Z
ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2437	2019-08-12T00:00:00Z
redhat-release-virtualization-host-0:4.3.5-2.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2437	2019-08-12T00:00:00Z
redhat-virtualization-host-0:4.3.5-20190722.0.el7_7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2437	2019-08-12T00:00:00Z
rhvm-appliance-0:4.3-20190722.0.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:2439	2019-08-12T00:00:00Z
Red Hat Virtualization Engine 4.3
rsyslog-0:8.24.0-41.el7_7	cpe:/a:redhat:rhev_manager:4.3	RHBA-2019:2501	2019-08-15T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHBA-2019:2501
https://access.redhat.com/errata/RHSA-2019:2110
https://access.redhat.com/errata/RHSA-2019:2437
https://access.redhat.com/errata/RHSA-2019:2439
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2018-16881
https://www.cve.org/CVERecord?id=CVE-2018-16881

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-01-25T18:00:00

Updated: 2024-08-05T10:32:54.189Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16881

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-25T18:29:00.257

Modified: 2024-11-21T03:53:31.293

Link: CVE-2018-16881

Redhat

Severity : Moderate

Publid Date: 2017-04-19T00:00:00Z

Links: CVE-2018-16881 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object