CVE-2018-1000140

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

packagechannelchannel versionpkg versionstatus
librelp
nixos-18.03
2019-02-20 10:25:14 UTC (cb0e20)1.2.14vulnerable
2019-01-16 18:00:31 UTC (138f2c)1.2.14vulnerable
2018-12-09 06:05:37 UTC (b551f8)1.2.14vulnerable
2018-11-29 21:00:31 UTC (a18112)1.2.14vulnerable
2018-11-28 06:10:25 UTC (9c96d1)1.2.14vulnerable
2018-11-23 12:45:42 UTC (e64482)1.2.14vulnerable
2018-11-20 12:35:27 UTC (947247)1.2.14vulnerable
2018-11-16 21:00:27 UTC (263f7b)1.2.14vulnerable
2018-11-14 10:35:19 UTC (1d8470)1.2.14vulnerable
2018-11-05 13:10:34 UTC (21b7f5)1.2.14vulnerable
2018-11-02 08:50:28 UTC (0e614d)1.2.14vulnerable
2018-10-30 16:25:07 UTC (19fc6d)1.2.14vulnerable
2018-10-30 14:40:31 UTC (6f07d2)1.2.14vulnerable
2018-10-28 11:35:42 UTC (b4e3a4)1.2.14vulnerable
2018-10-15 12:50:34 UTC (5d19e3)1.2.14vulnerable
2018-10-13 20:20:17 UTC (e85e0c)1.2.14vulnerable
2018-10-13 09:40:17 UTC (d592f2)1.2.14vulnerable
2018-10-11 15:15:08 UTC (5a38f7)1.2.14vulnerable
2018-10-09 11:20:30 UTC (c56ede)1.2.14vulnerable
2018-10-05 13:25:12 UTC (862fb5)1.2.14vulnerable
2018-10-05 13:00:32 UTC (c4eddc)1.2.14vulnerable
2018-09-21 06:10:31 UTC (d16a7a)1.2.14vulnerable
2018-09-19 17:10:27 UTC (8edf56)1.2.14vulnerable
2018-09-18 17:55:38 UTC (305f13)1.2.14vulnerable
2018-09-16 07:30:36 UTC (01f5e7)1.2.14vulnerable
2018-09-13 15:30:12 UTC (5f59ab)1.2.14vulnerable
2018-09-08 09:20:09 UTC (45f52f)1.2.14vulnerable
2018-09-02 21:10:32 UTC (8b92a4)1.2.14vulnerable
2018-09-02 14:20:10 UTC (8c172c)1.2.14vulnerable
2018-09-01 13:55:20 UTC (a960b8)1.2.14vulnerable
2018-08-31 04:20:38 UTC (a37638)1.2.14vulnerable
2018-08-29 17:10:10 UTC (edd63e)1.2.14vulnerable
2018-08-24 19:10:30 UTC (fde201)1.2.14vulnerable
2018-08-23 23:50:20 UTC (f094fd)1.2.14vulnerable
2018-08-19 18:15:22 UTC (4df342)1.2.14vulnerable
2018-08-18 23:45:22 UTC (47b68d)1.2.14vulnerable
2018-08-17 21:25:22 UTC (a4e068)1.2.14vulnerable
2018-08-17 14:30:05 UTC (cd0cd9)1.2.14vulnerable
2018-08-16 13:20:15 UTC (c1ef96)1.2.14vulnerable
2018-08-16 08:30:34 UTC (8b4ed6)1.2.14vulnerable
2018-08-15 15:40:37 UTC (5b8a24)1.2.14vulnerable
2018-08-15 05:50:22 UTC (66bd47)1.2.14vulnerable
2018-08-14 17:35:19 UTC (9cbc73)1.2.14vulnerable
2018-08-13 09:25:26 UTC (10b979)1.2.14vulnerable
2018-08-13 03:20:34 UTC (89ff9f)1.2.14vulnerable
2018-08-12 04:35:15 UTC (bfeab2)1.2.14vulnerable
2018-08-12 00:00:33 UTC (190ec7)1.2.14vulnerable
2018-08-10 22:20:22 UTC (e42c07)1.2.14vulnerable
2018-08-10 17:05:22 UTC (2c3f9c)1.2.14vulnerable
2018-08-09 21:05:22 UTC (3af001)1.2.14vulnerable
2018-08-07 05:10:16 UTC (230f98)1.2.14vulnerable
2018-08-03 03:05:12 UTC (d0c868)1.2.14vulnerable
2018-08-02 12:45:41 UTC (18401b)1.2.14vulnerable
2018-08-02 06:10:24 UTC (0e55dd)1.2.14vulnerable
2018-08-01 00:55:32 UTC (a1299c)1.2.14vulnerable
2018-07-31 16:00:28 UTC (b74b1c)1.2.14vulnerable
2018-07-30 09:15:16 UTC (6115f4)1.2.14vulnerable
2018-07-20 17:40:08 UTC (d6c6c7)1.2.14vulnerable
2018-07-12 04:35:08 UTC (411cc5)1.2.14vulnerable
2018-07-10 08:10:12 UTC (aec217)1.2.14vulnerable
2018-07-10 03:15:29 UTC (5e10df)1.2.14vulnerable
2018-07-09 02:40:20 UTC (e930c6)1.2.14vulnerable
2018-07-08 17:55:36 UTC (de7ca4)1.2.14vulnerable
2018-07-08 10:25:33 UTC (298e17)1.2.14vulnerable
2018-07-04 20:00:25 UTC (56fad1)1.2.14vulnerable
2018-06-30 13:55:14 UTC (2f06e0)1.2.14vulnerable
2018-06-29 17:10:06 UTC (0a70d6)1.2.14vulnerable
2018-06-25 10:30:35 UTC (94d80e)1.2.14vulnerable
2018-06-23 08:30:21 UTC (91b286)1.2.14vulnerable
2018-06-21 23:25:24 UTC (68e02f)1.2.14vulnerable
2018-06-17 01:05:39 UTC (14c248)1.2.14vulnerable
2018-06-16 09:40:33 UTC (f3c913)1.2.14vulnerable
2018-06-14 21:57:20 UTC (08d245)1.2.14vulnerable