{"id":"ALPINE-CVE-2019-17040","details":"contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.","modified":"2025-12-03T22:48:05.794816Z","published":"2019-09-30T14:15:14.873Z","upstream":["CVE-2019-17040"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2019-17040"}],"affected":[{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.11","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.12","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1908.0-r1"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2019-17040.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}