Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
Remote / Network Access,
Local / Remote,
Denial of Service,
Loss of Integrity,
Loss of Availability
Apache Log4net contains a flaw that may allow a remote denial of service. The issue is triggered due to an unspecified format string error in LocalSyslogAppender which may corrupt system memory resulting in loss of availability for the service.
Upgrade to version 1.2.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.