Vulnerability Details : CVE-2011-1490
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.
Exploit prediction scoring system (EPSS) score for CVE-2011-1490
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2011-1490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2011-1490
- The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1490
- https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a
  bugfix: fixed a memory leak and potential abort condition · rsyslog/rsyslog@1ef709c · GitHub (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1490
  694126 – (CVE-2011-1489, CVE-2011-1490) CVE-2011-1489 CVE-2011-1490 rsyslog: Memory leak when multiple rulesets used (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2011-1490
  Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:007 (Mailing List; Third Party Advisory)
- https://security-tracker.debian.org/tracker/CVE-2011-1490
  (Third Party Advisory)
Products affected by CVE-2011-1490
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*