CVE-2019-17040: Critical severity SUSE rsyslog vulnerability
Published Sep 30, 2019
contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.
Affected Software
1 affected component
rsyslog Rsyslog=8.1908.0
Remediation
Patch Available
Event History
Sep 30, 2019
CVE Published
via MITRE·01:06 PM
Data Sourced
via MITRE·01:06 PM
Frequently Asked Questions
1. What is the severity of CVE-2019-17040?
The severity of CVE-2019-17040 is critical with a CVSS score of 9.8.
2. How does CVE-2019-17040 affect Rsyslog?
CVE-2019-17040 affects Rsyslog v8.1908.0.
3. What is the CWE ID of CVE-2019-17040?
The CWE ID of CVE-2019-17040 is CWE-125.
4. How can I fix CVE-2019-17040?
To fix CVE-2019-17040, upgrade Rsyslog to a version later than v8.1908.0.
5. Where can I find more information about CVE-2019-17040?
You can find more information about CVE-2019-17040 at the following references:
- [ChangeLog](https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog)
- [Pull Request](https://github.com/rsyslog/rsyslog/pull/3875)
- [Fedora Project Announcement](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7/)