CVE-2019-17040

Summary

CVE	CVE-2019-17040
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-09-30 14:15:00 UTC
Updated	2023-11-07 03:06:00 UTC
Description	contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rsyslog	Rsyslog	8.1908.0	All	All	All
Application	Rsyslog	Rsyslog	8.1908.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 30 Update: rsyslog-8.1911.0-1.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 31 Update: rsyslog-8.1911.0-1.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
rsyslog/ChangeLog at v8-stable · rsyslog/rsyslog · GitHub	CONFIRM	github.com
[SECURITY] Fedora 31 Update: rsyslog-8.1911.0-1.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 30 Update: rsyslog-8.1911.0-1.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
pmdb2diag : Out of bounds issue by pduveau · Pull Request #3875 · rsyslog/rsyslog · GitHub	MISC	github.com	Patch, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

296073 Oracle Solaris 11.4 Support Repository Update (SRU) 24.75.2 Missing (CPUJUL2020)
500606 Alpine Linux Security Update for rsyslog
504366 Alpine Linux Security Update for rsyslog