{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-1000140","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-05T12:33:49.313Z","dateReserved":"2018-03-23T00:00:00.000Z","datePublished":"2018-03-23T00:00:00.000Z"},"containers":{"cna":{"dateAssigned":"2018-03-20T00:00:00.000Z","providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-06-12T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"name":"USN-3612-1","tags":["vendor-advisory"],"url":"https://usn.ubuntu.com/3612-1/"},{"name":"GLSA-201804-21","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/201804-21"},{"url":"https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205"},{"name":"RHSA-2018:1703","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1703"},{"name":"RHSA-2018:1704","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1704"},{"name":"RHSA-2018:1702","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1702"},{"name":"RHSA-2018:1225","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1225"},{"name":"RHSA-2018:1707","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1707"},{"url":"https://lgtm.com/rules/1505913226124/"},{"name":"RHSA-2018:1223","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1223"},{"name":"DSA-4151","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2018/dsa-4151"},{"name":"RHSA-2018:1701","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2018:1701"},{"url":"http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}],"datePublic":"2018-03-23T00:00:00.000Z"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T12:33:49.313Z"},"title":"CVE Program Container","references":[{"name":"USN-3612-1","tags":["vendor-advisory","x_transferred"],"url":"https://usn.ubuntu.com/3612-1/"},{"name":"GLSA-201804-21","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/201804-21"},{"url":"https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205","tags":["x_transferred"]},{"name":"RHSA-2018:1703","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1703"},{"name":"RHSA-2018:1704","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1704"},{"name":"RHSA-2018:1702","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1702"},{"name":"RHSA-2018:1225","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1225"},{"name":"RHSA-2018:1707","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1707"},{"url":"https://lgtm.com/rules/1505913226124/","tags":["x_transferred"]},{"name":"RHSA-2018:1223","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1223"},{"name":"DSA-4151","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2018/dsa-4151"},{"name":"RHSA-2018:1701","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:1701"},{"url":"http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html","tags":["x_transferred"]}]}]}}