CVE-2022-24903 - log

CVE-2022-24903 edited at 14 May 2022 21:20:04
References
https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
+ https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
CVE-2022-24903 created at 14 May 2022 21:18:44
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A flaw was found in rsyslog's TCP reception modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in rsyslog or possible remote code execution.
References
+ https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
Notes