First published: Mon Oct 07 2019
Rsyslog is vulnerable to a heap-based buffer overflow caused by improper bounds checking in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c. By sending a specially crafted message, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
IBM Data Risk Manager | <=2.0.6 |
Rsyslog Rsyslog | =8.1908.0 |
Debian Debian Linux | =9.0 |
Fedoraproject Fedora | =30 |
Fedoraproject Fedora | =31 |
openSUSE Leap | =15.0 |
openSUSE Leap | =15.1 |
CVE-2019-17041 is a vulnerability in Rsyslog that allows a heap-based buffer overflow due to improper bounds checking in the pmaixforwardedfrom parser module.
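The defect class behind this CVE is a parser that trusts the shape of an incoming message instead of the length it was actually given. The example below is added here for illustration and is not rsyslog's pmaixforwardedfrom.c: it assumes an AIX-style line of the form `Message forwarded from <host>: <body>` (an assumed format), and shows the bounds-checked parsing that a module handling such input should do, with every read guarded by the caller-supplied message length so that a truncated or malformed message is rejected rather than read past the end of its buffer.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not rsyslog's code. The "Message forwarded from <host>: <body>"
 * layout is an assumed AIX-style format used only to illustrate length-aware
 * parsing. */

#define AIX_PREFIX "Message forwarded from "
#define AIX_PREFIX_LEN (sizeof(AIX_PREFIX) - 1)

/* Parsed result: the host is copied into a caller-owned fixed buffer, the body
 * is returned as a pointer and length into the original message buffer. */
struct aix_fwd {
    char host[64];
    const char *body;
    size_t body_len;
};

/* Returns 0 on success and -1 if the message lacks the prefix, is truncated
 * before the ": " separator, or the host does not fit in out->host.
 * `len` is the number of valid bytes at `msg`; no read goes beyond it. */
int parse_aix_forwarded(const char *msg, size_t len, struct aix_fwd *out)
{
    if (msg == NULL || out == NULL)
        return -1;

    /* Only compare the prefix if the message is long enough to hold it. */
    if (len < AIX_PREFIX_LEN || memcmp(msg, AIX_PREFIX, AIX_PREFIX_LEN) != 0)
        return -1;

    const char *p = msg + AIX_PREFIX_LEN;
    size_t remaining = len - AIX_PREFIX_LEN;

    /* The host ends at the first ':'; memchr is bounded by `remaining`. */
    const char *colon = memchr(p, ':', remaining);
    if (colon == NULL)
        return -1;
    size_t host_len = (size_t)(colon - p);

    /* Reject an empty host and one that would not fit (room for the NUL). */
    if (host_len == 0 || host_len >= sizeof(out->host))
        return -1;

    /* The separator is ": " (two bytes); make sure both are inside `len`
     * before touching colon[1]. */
    if (host_len + 2 > remaining || colon[1] != ' ')
        return -1;

    memcpy(out->host, p, host_len);
    out->host[host_len] = '\0';
    out->body = colon + 2;
    out->body_len = remaining - host_len - 2;
    return 0;
}
```

The check that matters is the one before `colon[1]`: a message that ends exactly at the colon satisfies the prefix test and the `memchr` lookup, and only the explicit `host_len + 2 > remaining` comparison keeps the parser from reading one byte past the buffer. Fuzzing such a module with messages cut short at each position is a cheap way to confirm that every branch stays within `len`.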
CVE-2019-17041 has a severity score of 9.8 out of 10, which is considered critical.
The affected software includes Rsyslog version 8.1908.0, IBM Data Risk Manager versions up to and including 2.0.6, Debian Linux version 9.0, Fedora versions 30 and 31, and openSUSE Leap versions 15.0 and 15.1.
To fix CVE-2019-17041, it is recommended to apply the relevant patches provided by the respective vendors.
More information about CVE-2019-17041 can be found in the following references:
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html
- https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog