CVE-2011-1490
MEDIUM
rsyslog < 5.7.6 - Denial of Service via Memory Leak in Ruleset Processing
Title source: llm
Description
A memory leak was found in rsyslog before 5.7.6 in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.
References (5)
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-1490
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-1490
Mailing List, Third Party Advisory x_refsource_misc
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
Scores
CVSS v3: 5.5
EPSS: 0.0038
EPSS Percentile: 29.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-772
Status: published
Products (5)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
opensuse/opensuse 11.4
rsyslog/rsyslog < 5.7.6
Published: Nov 14, 2019
Tracked Since: Feb 18, 2026