CVE-2026-55556
Public on 2026-06-25
Modified on 2026-06-25
Description
The issue is in the HTTP Basic Authentication parser used by imhttp. When decoding an oversized Basic Authentication header, instead of allocating
len bytes. If imhttp Basic Authentication was enabled, a remote client able to
reach the imhttp listener could trigger heap memory corruption. The practical
expected impact is denial of service; stronger impact would depend on platform,
allocator behavior, compiler options, and process hardening.
len bytes. If imhttp Basic Authentication was enabled, a remote client able to
reach the imhttp listener could trigger heap memory corruption. The practical
expected impact is denial of service; stronger impact would depend on platform,
allocator behavior, compiler options, and process hardening.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | rsyslog | Not Affected | ||
| Amazon Linux 2023 | rsyslog | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |