CVE-2018-16881 — HIGH (7.5)

Q: How severe is CVE-2018-16881?

CVE-2018-16881 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16881?

Check the references section above for vendor advisories and patch information. Affected products include: Rsyslog Rsyslog, Redhat Virtualization Manager, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Big Endian.

Vulnerability Description

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rsyslog	Rsyslog	< 8.27.0
Redhat	Virtualization Manager	4.3
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux For Ibm Z Systems	7.0
Redhat	Enterprise Linux For Power Big Endian	7.0
Redhat	Enterprise Linux For Power Little Endian	7.0
Redhat	Enterprise Linux For Scientific Computing	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Redhat	Virtualization	4.0
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux	7.0
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-190

References

https://access.redhat.com/errata/RHBA-2019:2501Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2110Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881Issue TrackingMitigationPatch
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.htmlMailing ListThird Party Advisory
https://access.redhat.com/errata/RHBA-2019:2501Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2110Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881Issue TrackingMitigationPatch
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2018-16881?

CVE-2018-16881 is a vulnerability with a CVSS score of 7.5 (HIGH). A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions befor...

How severe is CVE-2018-16881?

CVE-2018-16881 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16881?

Check the references section above for vendor advisories and patch information. Affected products include: Rsyslog Rsyslog, Redhat Virtualization Manager, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Big Endian.