Denial of Service Vulnerability in Balabit Syslog-ng
CVE-2011-1951

Currently unrated

Key Information:

Vendor: Oneidentity
Status: Syslog-ng
Vendor: CVE Published:; 11 July 2011

🔔 Create Oneidentity Vulnerability Alert

What is CVE-2011-1951?

A vulnerability in Balabit's Syslog-ng prior to version 3.2.4 allows remote attackers to trigger a denial of service through crafted messages. When using PCRE version 8.12 or potentially others, and with a specific global flag set, attackers can exploit the system by sending messages that fail to match a designated regular expression. This can lead to increased memory consumption, ultimately hindering system performance and availability.

References

http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git%3Ba=comm...

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=709088

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2011/05/26/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2011
Vulnerability Reserved
May 9, 2011