REDHAT-BUG-709088

First published: Mon May 30 2011(Updated: )

A denial of service flaw was found in the way syslog-ng processed certain log patterns, when 'global' flag was speficied and PCRE backend was used for matching. A remote attacker could use this flaw to cause excessive memory use by the syslog-ng process via specially-crafted pattern. References: [1] <a href="http://www.securityfocus.com/bid/47800/info">http://www.securityfocus.com/bid/47800/info</a> [2] <a href="https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016576.html">https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016576.html</a> Upstream patch: [3] <a href="http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff">http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/last-modified-date
• agent/first-publish-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2011-1951
• agent/severity
• agent/references
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/balabit
• canonical/balabit syslog-ng open source edition