CVE Vulnerabilities

CVE-2014-3683

Published: Nov 02, 2014 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Affected Software

Name Vendor Start Version End Version
Rsyslog Rsyslog 8.3.5 8.3.5
Rsyslog Rsyslog 8.2.2 8.2.2
Rsyslog Rsyslog 8.2.1 8.2.1
Rsyslog Rsyslog 8.2.3 8.2.3
Rsyslog Rsyslog 8.1.6 8.1.6
Rsyslog Rsyslog 8.1.2 8.1.2
Rsyslog Rsyslog 8.1.1 8.1.1
Rsyslog Rsyslog 8.4.1 8.4.1
Rsyslog Rsyslog 8.3.2 8.3.2
Rsyslog Rsyslog 8.3.4 8.3.4
Rsyslog Rsyslog 8.1.4 8.1.4
Rsyslog Rsyslog 8.3.3 8.3.3
Rsyslog Rsyslog 8.3.0 8.3.0
Rsyslog Rsyslog 8.4.0 8.4.0
Rsyslog Rsyslog 8.1.5 8.1.5
Rsyslog Rsyslog * 7.6.6
Rsyslog Rsyslog 8.1.0 8.1.0
Rsyslog Rsyslog 8.3.1 8.3.1
Rsyslog Rsyslog 8.1.3 8.1.3
Rsyslog Rsyslog 8.2.0 8.2.0

References