{
  "threat_severity" : "Moderate",
  "public_date" : "2017-04-19T00:00:00Z",
  "bugzilla" : {
    "description" : "rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled",
    "id" : "1658366",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1658366"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.", "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash." ],
  "acknowledgement" : "Red Hat would like to thank Joel Miller (Pennsylvania Higher Education Assistance Agency) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2110",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "rsyslog-0:8.24.0-38.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-15T00:00:00Z",
    "advisory" : "RHBA-2019:2501",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "rsyslog-0:8.24.0-41.el7_7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-12T00:00:00Z",
    "advisory" : "RHSA-2019:2437",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "imgbased-0:1.1.9-0.1.el7ev"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-12T00:00:00Z",
    "advisory" : "RHSA-2019:2437",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "ovirt-node-ng-0:4.3.5-0.20190717.0.el7ev"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-12T00:00:00Z",
    "advisory" : "RHSA-2019:2437",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-release-virtualization-host-0:4.3.5-2.el7ev"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-12T00:00:00Z",
    "advisory" : "RHSA-2019:2437",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.3.5-20190722.0.el7_7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-12T00:00:00Z",
    "advisory" : "RHSA-2019:2439",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "rhvm-appliance-0:4.3-20190722.0.el7"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.3",
    "release_date" : "2019-08-15T00:00:00Z",
    "advisory" : "RHBA-2019:2501",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.3",
    "package" : "rsyslog-0:8.24.0-41.el7_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "rsyslog",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "rsyslog5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "rsyslog",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "rsyslog7",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "rsyslog",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-16881\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16881" ],
  "name" : "CVE-2018-16881",
  "mitigation" : {
    "value" : "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
    "lang" : "en:us"
  },
  "csaw" : false
}