Denial of Service Vulnerability in OSSEC-HIDS by OSSEC
CVE-2020-8448

5.5MEDIUM

Key Information:

Vendor

Ossec

Status
Ossec
Vendor
CVE Published:
30 January 2020

What is CVE-2020-8448?

In versions 2.7 to 3.5.0 of OSSEC-HIDS, a vulnerability exists in the server component responsible for log analysis, known as ossec-analysisd. This flaw enables a local user to exploit crafted messages directed at the UNIX domain socket of analysisd, resulting in a denial of service through a NULL pointer dereference. Mitigating this vulnerability is essential to ensure the integrity and availability of log analysis operations in affected systems.

References

https://github.com/ossec/ossec-hids/issues/1821
x_refsource_MISC
https://www.ossec.net/
x_refsource_MISC
https://github.com/ossec/ossec-hids/issues/1815
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.