CVE-2011-1488
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.
Se encontró una pérdida de memoria en rsyslog versiones anteriores a la versión 5.7.6, en la manera en que son registrados los mensajes de log procesados ??en el demonio cuando $RepeatedMsgReduction fue habilitada. Un atacante local podría usar este fallo para causar una denegación de servicio del demonio de rsyslogd al bloquear el servicio mediante una secuencia de mensajes de log repetidos enviados dentro de períodos cortos de tiempo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-03-21 CVE Reserved
- 2019-11-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00005.html | Mailing List |
|
| https://access.redhat.com/security/cve/cve-2011-1488 | Third Party Advisory | |
| https://github.com/rsyslog/rsyslog/commit/1ef709cc97d54f74d3fdeb83788cc4b01f4c6a2a | X_refsource_misc | |
| https://security-tracker.debian.org/tracker/CVE-2011-1488 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1488 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rsyslog Search vendor "Rsyslog" | Rsyslog Search vendor "Rsyslog" for product "Rsyslog" | < 5.7.6 Search vendor "Rsyslog" for product "Rsyslog" and version " < 5.7.6" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||