CVE-2011-1490

A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset

Published: Nov 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2011-1490
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-772

Affected Software
References

Software	From	Fixed in
rsyslog / rsyslog	-	5.7.6
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
opensuse / opensuse	11.4	11.4.x

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
https://access.redhat.com/security/cve/cve-2011-1490
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
https://security-tracker.debian.org/tracker/CVE-2011-1490

Vulnerability Database

289,599

CVE-2011-1490