CVE-2011-1489
MEDIUMrsyslog < 5.7.6 - Denial of Service via Memory Leak in Multi-Ruleset Log Processing
Title source: llmDescription
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-1489
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
Exploit, Patch, Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-1489
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
Scores
CVSS v3
5.5
EPSS
0.0047
EPSS Percentile
37.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-772
Status
published
Products (5)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
opensuse/opensuse
11.4
rsyslog/rsyslog
< 5.7.6
Published
Nov 14, 2019
Tracked Since
Feb 18, 2026