PT-2019-6627 · Rsyslog · Rsyslog

Rgerhards

Published

2019-11-14

Updated

2020-08-18

CVE-2011-1490

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions rsyslog versions prior to 5.7.6

Description A memory leak was found in the way the rsyslog daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. This could allow a local attacker to cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.

Recommendations For versions prior to 5.7.6, update to version 5.7.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of multiple rulesets to minimize the risk of exploitation.

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2011-1490

Affected Products

Rsyslog

PT-2019-6627 · Rsyslog · Rsyslog

CVE-2011-1490

Weakness Enumeration

Related Identifiers

Affected Products

References · 9