CVE-2013-4758

Published Oct 4, 2013
Last updated 11 years ago
CVSS info 6.8
Overview

Description: Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-399
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDE20FE1-56D8-4D3C-B4A2-EE2B75ACFA62",
            "versionEndIncluding": "7.4.1"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:*:devel:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D028081-DAF7-4D78-872C-C13F83680212",
            "versionEndIncluding": "7.5.1"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:6.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9508A76B-701A-4C14-9C04-4E28929BDA14"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:6.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93CD9481-10CF-43FF-83FA-D2DA2AF511FB"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF4C2FA1-BAFC-434C-82EA-66F184188E23"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F42492F4-4733-4B79-A772-E1FEE6B94720"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8641BF6-2DA2-4921-96C1-75BE79C53848"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F784088F-B978-4884-A8DB-78EF80D8F084"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32E4647-4082-4570-90A4-C99B5C10FB19"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBF9A496-300B-4BA8-B0D1-8C462433E0F1"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFC40422-9D3D-4716-8330-AF1BE9D4EBE2"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49182E05-9A60-42A6-ABB1-CFB451E536FD"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CBB1158-43C3-4F96-B417-BD666E28527F"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F58E1519-3A26-44BB-825C-C0101A7EC10D"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "025343ED-25A7-4CED-BEE9-38F9D8341204"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19D99873-FC74-4F40-B96E-8947FAFAA4CF"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C022D5B9-69A8-4C2D-9CEE-B286E6A60443"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB52D577-3BB4-484A-A6E8-2A3C1231A4E4"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "850B5013-FD12-48A3-8F42-131799BCE0B2"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E2C187-A323-45F8-B3E9-B770794616B3"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B398B42-77D8-4992-89B4-386010147157"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "286C77D0-7533-41F8-B642-74F737D030EA"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21BC8875-9FB0-4201-8830-F041661A5851"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B0E74D0-224C-4B57-B08C-D4F19B0E65B4"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1340BDF8-AA43-4425-8EFC-0AD4FD817DAC"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70DC0961-7D16-4516-A70C-BB8D1ECD1FB0"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F054055F-C59C-41C1-8D80-BFDBA4BE9C6C"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C37CE69F-78BF-4925-9234-B982B17A105E"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C631DA-E2C3-47F0-A6E2-3B95B8AEDA0D"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD56EDED-77B4-4C85-8834-3604166B7EB6"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB8A679D-419D-4BDE-BE77-559B53DBF5F5"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E72910C5-E19F-43E9-B595-C9232CA13430"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2E08CC5-03FC-439B-87FF-0AA79E01D0BB"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB5A9B69-DA3A-466C-B2BC-15ADA9BBD459"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "954DD01D-03A1-4341-9819-AF0A65C61C96"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "285A3697-88C6-4C8D-8CF3-914F3697B8EF"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D38F1301-0496-4F61-9927-CB49AE5D66EE"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30D1A318-63A8-47DB-927C-DD39198CFDA4"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE21440E-B44A-4A77-B9D8-F984C349C8B2"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58D966D4-A2BB-4864-B910-D73BB3E91950"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F2767E8-6834-4EDD-BFC6-BDCE1FBDB5F8"
          },
          {
            "criteria": "cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F459606-1598-47F8-A031-51B6F49D6244"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
