Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4758

Опубликовано: 04 окт. 2013
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*
Версия до 7.4.1 (включая)
cpe:2.3:a:rsyslog:rsyslog:*:devel:*:*:*:*:*:*
Версия до 7.5.1 (включая)
cpe:2.3:a:rsyslog:rsyslog:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.7:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.8:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.9:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.10:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.11:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.1.12:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01216
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2013-4758

ubuntu
больше 12 лет назад

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

redhat логотип

CVE-2013-4758

redhat
больше 12 лет назад

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

debian логотип

CVE-2013-4758

debian
больше 12 лет назад

Double free vulnerability in the writeDataError function in the Elasti ...

github логотип

GHSA-h9vm-3m8j-cpjv

github
больше 3 лет назад

Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.

EPSS

Процентиль: 79%
0.01216
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-399