Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. So a check was missing in zlog_rule_new() while copying the record_name from file_path + 1 which caused the buffer overflow. An attacker can exploit this vulnerability to overwrite the zlog_record_fn record_func function pointer to get arbitrary code execution or potentially cause remote code execution (RCE).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
zlog 安全漏洞
Vulnerability Description
zlog是中国Hardy Simpson个人开发者的一个可靠、高性能、线程安全、灵活、模型清晰的纯 C 日志库。 zlog 1.2.16版本存在安全漏洞。攻击者利用该漏洞可以执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A