SB2026062428 - Heap-based buffer overflow in rsyslog
Published: June 24, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2026-55556)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in parse_auth_header() in the imhttp module when processing a crafted HTTP Basic Authorization header. A remote attacker can send a single crafted HTTP request to cause a denial of service.
Only deployments where the optional imhttp module is installed, explicitly loaded, and configured with HTTP Basic Authentication for an endpoint are vulnerable.
Remediation
Install update from vendor's website.