CVE-2018-16881 MEDIUM

CVE-2018-16881

Vendor The Rsyslog Project
Product rsyslog:
Weakness CWE-190
Published January 25, 2019
Last update August 5, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

Key dates

02Disclosure timeline

January 25, 2019 CVE published
August 5, 2024 Record updated