Beginning with v2.4.0, CSV reporting can produce a segmentation fault on Enterprise Linux 8.x systems (Rocky, RHEL, CentOS)

Hello!

It appears that scanning using versions after 2.3.7 can produce a segmentation fault on some systems running Enterprise Linux 8.x (including Rocky, CentOS, and RHEL) if CSV reporting is enabled.

Scanning an EL 8.x system using v2.5.1 with reporting disabled:

$ sudo /usr/local/bin/log4j2-scan --exclude-config /etc/sysconfig/log4scan-exclude.conf --silent /
Logpresso CVE-2021-44228 Vulnerability Scanner 2.5.1 (2021-12-21)
Scanning directory: / (without /dev, /dev/shm, /run, /sys/fs/cgroup, /tmp, /run/user/299601419)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0

Scanned 15848 directories and 113952 files
Found 7 vulnerable files
Found 0 potentially vulnerable files
Found 0 mitigated files
Completed in 62.75 seconds

Scanning the same EL 8.x system using v2.5.1 with CSV reporting enabled:

$ sudo /usr/local/bin/log4j2-scan --exclude-config /etc/sysconfig/log4scan-exclude.conf --report-csv --report-path /var/cache/log4j2-scan-results/log4j2_scan_report.csv --no-empty-report --silent /
Logpresso CVE-2021-44228 Vulnerability Scanner 2.5.1 (2021-12-21)
Scanning directory: / (without /dev, /dev/shm, /run, /sys/fs/cgroup, /tmp, /run/user/299601419)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
zsh: segmentation fault  sudo /usr/local/bin/log4j2-scan

Scanning the same EL 8.x using v2.3.7 with CSV reporting enabled:

$ sudo /usr/local/bin/log4j2-scan --exclude-config /etc/sysconfig/log4scan-exclude.conf --report-csv --report-path /var/cache/log4j2-scan-results/log4j2_scan_report.csv --no-empty-report --silent /
Logpresso CVE-2021-44228 Vulnerability Scanner 2.3.7 (2021-12-20)
Scanning directory: / (without /dev, /dev/shm, /run, /sys/fs/cgroup, /tmp, /run/user/299601419)
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.11.0
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in <redacted>, log4j 2.13.3
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0
[*] Found CVE-2021-45105 (log4j 2.x) vulnerability in <redacted>, log4j 2.16.0

Scanned 15848 directories and 113953 files
Found 7 vulnerable files
Found 0 potentially vulnerable files
Found 0 mitigated files
Completed in 60.60 seconds

Thanks for the excellent work on this helpful tool!

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 10 (5 by maintainers)

Top GitHub Comments

1 reaction
lmalmeida commented, Dec 22, 2021

Just plain glibc, I believe

0 reactions
xeraph commented, Dec 22, 2021

@jadamcraig v2.6.0 release binary is reverted to dynamic link to prevent segmentation fault.
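
With --silent and --no-empty-report, a run that dies before writing the CSV leaves the same on-disk result as a scan with no findings. The wrapper below is an added example, not code from the issue or the scanner project; it treats an exit status of 128+N as death by signal N. The names classify_run and run_scan are hypothetical, and the scanner's own exit codes are not interpreted.

```shell
#!/bin/sh
# Added example; not part of the issue or the scanner project.
# Binary and report paths are the ones shown in the issue.
SCANNER=${SCANNER:-/usr/local/bin/log4j2-scan}
REPORT=${REPORT:-/var/cache/log4j2-scan-results/log4j2_scan_report.csv}

# classify_run STATUS REPORT_PATH   (hypothetical helper)
# Prints a verdict; returns 0 only when the verdict can be trusted.
classify_run() {
    status=$1
    report=$2
    # Shell convention: 128+N means the child was killed by signal N,
    # so 139 is SIGSEGV (11). Signal numbers on Linux run from 1 to 64.
    if [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        echo "crashed-signal-$((status - 128))"
        return 2
    fi
    if [ -s "$report" ]; then
        echo "findings"      # a non-empty report was written
    else
        echo "clean"         # --no-empty-report: no file means no findings
    fi
    return 0
}

# run_scan TARGET   (hypothetical helper; run as root, as in the issue)
# Deletes any stale report first so a file left by an earlier run
# cannot be mistaken for the output of this one.
run_scan() {
    rm -f "$REPORT"
    status=0
    "$SCANNER" --report-csv --report-path "$REPORT" \
        --no-empty-report --silent "$1" || status=$?
    classify_run "$status" "$REPORT"
}
```

Call `run_scan /` from the scheduled job and alert on a non-zero return instead of inferring the result from the report file alone.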
