5.5
CVE-2011-1489
- EPSS 0.47%
- Veröffentlicht 14.11.2019 02:15:10
- Zuletzt bearbeitet 21.11.2024 01:26:25
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.372 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
https://access.redhat.com/security/cve/cve-2011-1489
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1489
https://security-tracker.debian.org/tracker/CVE-2011-1489