CVE-2011-1489
5.5
MEDIUM
CVSS 3.1
EPSS 0.15%
Description
A memory leak in rsyslog before 5.7.6 was found in the way the daemon processed log messages when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause a denial of service of the rsyslogd daemon via a log message belonging to more than one ruleset.
How to fix CVE-2011-1489
To remediate CVE-2011-1489, upgrade the affected package to a fixed version below.
- Upgrade to 5.7.6-1 or later
Is CVE-2011-1489 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.7.6-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |