CVE-2019-17041: Buffer Overflow
First published: Mon Oct 07 2019(Updated: )
Rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the contrib/pmaixforwardedfrom/pmaixforwardedfrom.c. By sending a specially-crafted message, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Data Risk Manager | <=2.0.6 | |
| Rsyslog Rsyslog | =8.1908.0 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/168504
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html
- https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
- https://github.com/rsyslog/rsyslog/pull/3884
- https://lists.debian.org/debian-lts-announce/2021/11/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6SUQE25RD37CD24BHKUWMG27U5RQ2FU/
Frequently Asked Questions
What is CVE-2019-17041?
CVE-2019-17041 is a vulnerability in Rsyslog that allows for a heap-based buffer overflow due to improper bounds checking.
What is the severity of CVE-2019-17041?
CVE-2019-17041 has a severity score of 9.8 out of 10, which is considered critical.
Which software is affected by CVE-2019-17041?
The affected software includes Rsyslog version 8.1908.0, IBM Data Risk Manager version up to 2.0.6, Debian Linux version 9.0, Fedora version 30 and 31, and openSUSE Leap version 15.0 and 15.1.
How can I fix CVE-2019-17041?
To fix CVE-2019-17041, it is recommended to apply the relevant patches provided by the respective vendors.
Where can I find more information about CVE-2019-17041?
More information about CVE-2019-17041 can be found in the provided references: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html, http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html, https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
- collector/ibm-support
- collector/nvd-index
- agent/references
- agent/weakness
- agent/tags
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- vendor/rsyslog
- canonical/rsyslog rsyslog
- version/rsyslog rsyslog/8.1908.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1