CVE-2011-4623
EPSS 0.09%
Description
Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.
How to fix CVE-2011-4623
To remediate CVE-2011-4623, upgrade the affected package to a fixed version below.
- Debian/rsyslog—upgrade to 5.7.4-1 or later
Is CVE-2011-4623 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.7.4-1