CVE-2013-4758

{"id": "CVE-2013-4758", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-04T17:55:09.947", "references": [{"url": "http://www.openwall.com/lists/oss-security/2013/07/05/2", "source": "cve@mitre.org"}, {"url": "http://www.rsyslog.com/rsyslog-7-4-2-v7-stable-released/", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.rsyslog.com/rsyslog-7-5-2-v7-devel-released/", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response."}, {"lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n writeDataError en el plugin Elasticsearch (omelasticsearch) en rsyslog anterior a 7.4.2 y anterior a 7.5.2 devel, cuando un errorfile se establece en el registro de log local, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una respuesta JSON dise\u00f1ada."}], "lastModified": "2013-10-07T14:29:11.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDE20FE1-56D8-4D3C-B4A2-EE2B75ACFA62", "versionEndIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:*:devel:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D028081-DAF7-4D78-872C-C13F83680212", "versionEndIncluding": "7.5.1"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:6.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9508A76B-701A-4C14-9C04-4E28929BDA14"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:6.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93CD9481-10CF-43FF-83FA-D2DA2AF511FB"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:6.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF4C2FA1-BAFC-434C-82EA-66F184188E23"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F42492F4-4733-4B79-A772-E1FEE6B94720"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8641BF6-2DA2-4921-96C1-75BE79C53848"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F784088F-B978-4884-A8DB-78EF80D8F084"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32E4647-4082-4570-90A4-C99B5C10FB19"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF9A496-300B-4BA8-B0D1-8C462433E0F1"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC40422-9D3D-4716-8330-AF1BE9D4EBE2"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49182E05-9A60-42A6-ABB1-CFB451E536FD"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CBB1158-43C3-4F96-B417-BD666E28527F"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F58E1519-3A26-44BB-825C-C0101A7EC10D"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "025343ED-25A7-4CED-BEE9-38F9D8341204"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D99873-FC74-4F40-B96E-8947FAFAA4CF"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C022D5B9-69A8-4C2D-9CEE-B286E6A60443"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB52D577-3BB4-484A-A6E8-2A3C1231A4E4"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "850B5013-FD12-48A3-8F42-131799BCE0B2"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06E2C187-A323-45F8-B3E9-B770794616B3"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B398B42-77D8-4992-89B4-386010147157"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "286C77D0-7533-41F8-B642-74F737D030EA"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BC8875-9FB0-4201-8830-F041661A5851"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B0E74D0-224C-4B57-B08C-D4F19B0E65B4"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1340BDF8-AA43-4425-8EFC-0AD4FD817DAC"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70DC0961-7D16-4516-A70C-BB8D1ECD1FB0"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F054055F-C59C-41C1-8D80-BFDBA4BE9C6C"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C37CE69F-78BF-4925-9234-B982B17A105E"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95C631DA-E2C3-47F0-A6E2-3B95B8AEDA0D"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD56EDED-77B4-4C85-8834-3604166B7EB6"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB8A679D-419D-4BDE-BE77-559B53DBF5F5"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E72910C5-E19F-43E9-B595-C9232CA13430"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E08CC5-03FC-439B-87FF-0AA79E01D0BB"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5A9B69-DA3A-466C-B2BC-15ADA9BBD459"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "954DD01D-03A1-4341-9819-AF0A65C61C96"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "285A3697-88C6-4C8D-8CF3-914F3697B8EF"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D38F1301-0496-4F61-9927-CB49AE5D66EE"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D1A318-63A8-47DB-927C-DD39198CFDA4"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE21440E-B44A-4A77-B9D8-F984C349C8B2"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.3.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58D966D4-A2BB-4864-B910-D73BB3E91950"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F2767E8-6834-4EDD-BFC6-BDCE1FBDB5F8"}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:7.5.0:devel:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F459606-1598-47F8-A031-51B6F49D6244"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}