Alpine: multiple rsyslog packages: security update to 5.8.0-r1 (deprecated)

Critical | Tenable Self-Hosted Container Security | Plugin ID 401309

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog
4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service
(application exit) via a long TAG in a legacy syslog message. (CVE-2011-3200)

See Also

https://git.alpinelinux.org/aports/commit/?id=418507cde87697c99286d24958d2f37bd1ea9c23

https://git.alpinelinux.org/aports/commit/?id=8a62113e3179626aa0e74d46633596bec32b1861

Plugin Details

Severity: Critical

ID: 401309

Version: Revision 1.24

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2011-3200

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2011

Vulnerability Publication Date: 9/1/2011

Reference Information

CVE: CVE-2011-3200

BID: 49413