Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ybfq-unp3-dbav
Vulnerability ID VCID-ybfq-unp3-dbav
Aliases CVE-2022-24903
Summary A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.3
Risk 3.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00501 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
epss 0.00781 https://api.first.org/data/v1/epss?cve=CVE-2022-24903
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.1 https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
ssvc Track https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
cvssv3.1 8.1 https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
ssvc Track https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
cvssv3.1 8.1 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
ssvc Track https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
cvssv3.1 8.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
cvssv3.1 8.1 https://security.netapp.com/advisory/ntap-20221111-0002/
ssvc Track https://security.netapp.com/advisory/ntap-20221111-0002/
cvssv3.1 8.1 https://www.debian.org/security/2022/dsa-5150
ssvc Track https://www.debian.org/security/2022/dsa-5150
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1010619 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010619
2081353 https://bugzilla.redhat.com/show_bug.cgi?id=2081353
dsa-5150 https://www.debian.org/security/2022/dsa-5150
f211042ecbb472f9d8beb4678a65d272b6f07705 https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
GHSA-ggw7-xr6h-mmr8 https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
GLSA-202408-28 https://security.gentoo.org/glsa/202408-28
GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
ntap-20221111-0002 https://security.netapp.com/advisory/ntap-20221111-0002/
RHSA-2022:4795 https://access.redhat.com/errata/RHSA-2022:4795
RHSA-2022:4799 https://access.redhat.com/errata/RHSA-2022:4799
RHSA-2022:4800 https://access.redhat.com/errata/RHSA-2022:4800
RHSA-2022:4801 https://access.redhat.com/errata/RHSA-2022:4801
RHSA-2022:4802 https://access.redhat.com/errata/RHSA-2022:4802
RHSA-2022:4803 https://access.redhat.com/errata/RHSA-2022:4803
RHSA-2022:4808 https://access.redhat.com/errata/RHSA-2022:4808
RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896
RHSA-2022:5439 https://access.redhat.com/errata/RHSA-2022:5439
USN-5404-1 https://usn.ubuntu.com/5404-1/
USN-5404-2 https://usn.ubuntu.com/5404-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24903.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://github.com/rsyslog/rsyslog/commit/f211042ecbb472f9d8beb4678a65d272b6f07705
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMNNXLCU2UORRVSZO24HL4KMVPK5PHVW/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20221111-0002/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://security.netapp.com/advisory/ntap-20221111-0002/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5150
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:53:40Z/ Found at https://www.debian.org/security/2022/dsa-5150
Exploit Prediction Scoring System (EPSS)
Percentile 0.66034
EPSS Score 0.00501
Published At April 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:11:56.437415+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202408-28 38.0.0