CVE-2014-3683

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Affected Software

Name	Vendor	Start Version	End Version
Rsyslog	Rsyslog	*	7.6.6
Rsyslog	Rsyslog	8.1.0	8.1.0
Rsyslog	Rsyslog	8.1.1	8.1.1
Rsyslog	Rsyslog	8.1.2	8.1.2
Rsyslog	Rsyslog	8.1.3	8.1.3
Rsyslog	Rsyslog	8.1.4	8.1.4
Rsyslog	Rsyslog	8.1.5	8.1.5
Rsyslog	Rsyslog	8.1.6	8.1.6
Rsyslog	Rsyslog	8.2.0	8.2.0
Rsyslog	Rsyslog	8.2.1	8.2.1
Rsyslog	Rsyslog	8.2.2	8.2.2
Rsyslog	Rsyslog	8.2.3	8.2.3
Rsyslog	Rsyslog	8.3.0	8.3.0
Rsyslog	Rsyslog	8.3.1	8.3.1
Rsyslog	Rsyslog	8.3.2	8.3.2
Rsyslog	Rsyslog	8.3.3	8.3.3
Rsyslog	Rsyslog	8.3.4	8.3.4
Rsyslog	Rsyslog	8.3.5	8.3.5
Rsyslog	Rsyslog	8.4.0	8.4.0
Rsyslog	Rsyslog	8.4.1	8.4.1
Rsyslog	Ubuntu	devel	*
Rsyslog	Ubuntu	esm-infra/xenial	*
Rsyslog	Ubuntu	lucid	*
Rsyslog	Ubuntu	precise	*
Rsyslog	Ubuntu	precise/esm	*
Rsyslog	Ubuntu	trusty	*
Rsyslog	Ubuntu	trusty/esm	*
Rsyslog	Ubuntu	upstream	*
Rsyslog	Ubuntu	utopic	*
Rsyslog	Ubuntu	vivid	*
Rsyslog	Ubuntu	vivid/stable-phone-overlay	*
Rsyslog	Ubuntu	vivid/ubuntu-core	*
Rsyslog	Ubuntu	wily	*
Rsyslog	Ubuntu	xenial	*
Rsyslog	Ubuntu	yakkety	*
Rsyslog	Ubuntu	zesty	*
Sysklogd	Ubuntu	lucid	*
Sysklogd	Ubuntu	precise	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-3683
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References