CVE-2011-1489
Summary
| CVE | CVE-2011-1489 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-14 02:15:00 UTC |
| Updated | 2020-08-18 15:05:00 UTC |
| Description | A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. |
Risk And Classification
Problem Types: CWE-772
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Opensuse | Opensuse | 11.4 | All | All | All |
| Operating System | Opensuse | Opensuse | 11.4 | All | All | All |
| Application | Rsyslog | Rsyslog | All | All | All | All |
| Application | Rsyslog | Rsyslog | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugfix: fixed a memory leak and potential abort condition · rsyslog/rsyslog@1ef709c · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE-2011-1489 - Red Hat Customer Portal | MISC | access.redhat.com | Exploit, Patch, Third Party Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2011:007 | MISC | lists.opensuse.org | Mailing List, Third Party Advisory |
| CVE-2011-1489 | MISC | security-tracker.debian.org | Third Party Advisory |
| 694126 – (CVE-2011-1489, CVE-2011-1490) CVE-2011-1489 CVE-2011-1490 rsyslog: Memory leak when multiple rulesets used | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.