CVE-2011-3200

rsyslog 4.6.x < 4.6.8 and 5.2.0-5.8.4 - Denial of Service via Long TAG in Legacy Syslog Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3200. Includes Metasploit module auxiliary/dos/syslog/rsyslog_long_tag.

AI-analyzed exploit summary This Metasploit module exploits an off-by-two overflow in rsyslog (CVE-2011-3200) by sending a malformed RFC3164 tag via UDP to trigger a denial-of-service (DoS) condition. The exploit targets versions 4.6.0 to 4.6.7/5.8.4 and is effective on systems like RHEL6.

Description

Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/syslog/rsyslog_long_tag.rb

View Code ZIP pw:eip

This Metasploit module exploits an off-by-two overflow in rsyslog (CVE-2011-3200) by sending a malformed RFC3164 tag via UDP to trigger a denial-of-service (DoS) condition. The exploit targets versions 4.6.0 to 4.6.7/5.8.4 and is effective on systems like RHEL6.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: rsyslog 4.6.0 to 4.6.7/5.8.4

No auth needed

Prerequisites: Network access to UDP port 514

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/46027

Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=727644

Patch, Vendor Advisory x_refsource_confirm

http://www.rsyslog.com/potential-dos-with-malformed-tag/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1026000

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2011-09/msg00013.html

Various Sources x_refsource_confirm

http://git.adiscon.com/?p=rsyslog.git%3Ba=commit%3Bh=1ca6cc236d1dabf1633238b873fb1c057e52f95e

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-1247.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:134

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/49413

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065837.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45922

Scores

EPSS 0.6508

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (50)

rsyslog/rsyslog 4.6.0

rsyslog/rsyslog 4.6.1

rsyslog/rsyslog 4.6.2

rsyslog/rsyslog 4.6.3

rsyslog/rsyslog 4.6.4

rsyslog/rsyslog 4.6.5

rsyslog/rsyslog 4.6.6

rsyslog/rsyslog 4.6.7

rsyslog/rsyslog 5.2.0

rsyslog/rsyslog 5.2.1

... and 40 more

Published Sep 06, 2011

Tracked Since Feb 18, 2026