CVE-2020-8443

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).

En OSSEC-HIDS versiones 2.7 hasta 3.5.0, el componente del servidor responsable del análisis de registro (ossec-analysisd) es vulnerable a un desbordamiento de búfer en la región heap de la memoria por un paso durante la limpieza de los mensajes syslog diseñados (recibidos desde agentes remotos autenticados y entregados a la cola de procesamiento de analysisd por ossec-remoted).