ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2019-12-17T21:59:06

Updated: 2024-08-04T19:26:27.635Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3994

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-17T22:15:11.263

Modified: 2024-11-21T04:43:01.367

Link: CVE-2019-3994

cve-icon Redhat

No data.