{"id":"CVE-2019-17040","details":"contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.","modified":"2026-04-10T04:15:59.037179Z","published":"2019-09-30T14:15:14.873Z","references":[{"type":"WEB","url":"https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6SUQE25RD37CD24BHKUWMG27U5RQ2FU/"},{"type":"FIX","url":"https://github.com/rsyslog/rsyslog/pull/3875"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rsyslog/rsyslog","events":[{"introduced":"0"},{"last_affected":"e7d081a363578e20245bfeeaad42d4a1c4a3ce47"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.1908.0"}]}}],"versions":["v7.5.1","v7.5.2","v7.5.3","v8.1.6","v8.10.0","v8.12.0","v8.13.0","v8.18.0","v8.19.0","v8.1901.0","v8.1905.0","v8.1907.0","v8.1908.0","v8.20.0","v8.21.0","v8.22.0","v8.23.0","v8.24.0","v8.25.0","v8.26.0","v8.27.0","v8.28.0","v8.29.0","v8.3.0","v8.3.1","v8.3.2","v8.3.3","v8.3.4","v8.3.5","v8.30.0","v8.31.0","v8.32.0","v8.33.0","v8.33.1","v8.34.0","v8.35.0","v8.36.0","v8.37.0","v8.38.0","v8.39.0","v8.4.0","v8.4.1","v8.4.2","v8.40.0","v8.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17040.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}