DSA-4151-1 librelp -- librelp
ID: oval:org.secpod.oval:def:603330 | Date: (C)2018-03-27 (M)2023-12-20 | Class: PATCH | Family: unix
Bas van Schaik and Kevin Backhouse discovered a stack-based buffer overflow vulnerability in librelp, a library providing reliable event logging over the network, triggered while checking x509 certificates from a peer. A remote attacker able to connect to rsyslog can take advantage of this flaw for remote code execution by sending a specially crafted x509 certificate.
Platform: Debian 8.x, Debian 9.x
Product: librelp, librelp-dev