Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

References

lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

lists.opensuse.org/opensuse-updates/2014-10/msg00020.html

lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

secunia.com/advisories/61494

www.debian.org/security/2014/dsa-3047

www.openwall.com/lists/oss-security/2014/09/30/15

www.openwall.com/lists/oss-security/2014/10/03/1

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

www.ubuntu.com/usn/USN-2381-1

nessus 36

securityvulns 2

suse 1

openvas 23

debiancve 2

aix 1

nvd 3

altlinux 1

osv 4

ubuntu 1

debian 3

prion 3

ubuntucve 2

ibm 2

cve 3

gentoo 1

checkpoint_advisories 1

archlinux 2

oraclelinux 3

amazon 3

f5 1

mageia 1

freebsd 1

redhat 3

fedora 5

veracode 1

centos 3

cvelist 1

nessus

AIX rsyslog Advisory : rsyslog_advisory.asc

2014-12-02 00:00:00

Debian DSA-3047-1 : rsyslog - security update

2014-10-09 00:00:00

Mandriva Linux Security Advisory : rsyslog (MDVSA-2014:196)

2014-10-22 00:00:00

securityvulns

rsyslog DoS

2014-10-05 00:00:00

[SECURITY] [DSA 3040-1] rsyslog security update

2014-10-05 00:00:00

suse

Security update for rsyslog (important)

2014-10-15 00:04:46

openvas

Debian: Security Advisory (DSA-3047-1)

2014-10-07 00:00:00

Ubuntu: Security Advisory (USN-2381-1)

2014-10-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2014:1438-1)

2021-04-19 00:00:00

debiancve

CVE-2014-3683

2014-11-02 00:55:05

CVE-2014-3634

2014-11-02 00:55:05

aix

Open Source RSyslog vulnerability

2014-11-14 15:31:13

nvd

CVE-2014-3683

2014-11-02 00:55:05

CVE-2014-3634

2014-11-02 00:55:05

CVE-2014-6388

2014-10-13 18:55:01

altlinux

Security fix for the ALT Linux 7 package rsyslog version 7.6.7-alt0.M70P.1

2014-10-13 00:00:00

osv

rsyslog - security update

2014-10-08 00:00:00

rsyslog - regression update

2014-10-19 00:00:00

rsyslog - security update

2014-10-19 00:00:00

ubuntu

Rsyslog vulnerabilities

2014-10-09 00:00:00

debian

[SECURITY] [DSA 3047-1] rsyslog security update

2014-10-08 11:09:01

[SECURITY] [DLA 72-1] rsylog security update

2014-10-19 17:00:31

[SECURITY] [DSA 3040-1] rsyslog security update

2014-09-30 21:13:13

prion

Integer overflow

2014-11-02 00:55:00

Out-of-bounds

2014-11-02 00:55:00

Design/Logic Flaw

2014-10-13 18:55:00

ubuntucve

CVE-2014-3683

2014-10-02 00:00:00

CVE-2014-3634

2014-10-01 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in rsyslog affect IBM Flex System Manager (FSM): (CVE-2014-3634 and CVE-2014-3683)

2019-01-31 01:45:01

Security Bulletin: Vulnerability in rsyslog affects SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance (CVE-2014-3634)

2018-06-17 22:30:12

cve

CVE-2014-3683

2014-11-02 00:55:05

CVE-2014-3634

2014-11-02 00:55:05

CVE-2014-6388

2014-10-13 18:55:01

gentoo

RSYSLOG: Denial of service

2014-12-24 00:00:00

checkpoint_advisories

RSYSLOG PRI Value Parsing Integer Overflow Denial of Service (CVE-2014-3683)

2014-12-02 00:00:00

archlinux

rsyslog: remote denial of service

2014-10-08 00:00:00

rsyslog: remote denial of service

2014-10-01 00:00:00

oraclelinux

rsyslog5 and rsyslog security update

2014-10-20 00:00:00

rsyslog security update

2014-10-13 00:00:00

rsyslog7 security update

2014-10-21 00:00:00

amazon

Medium: rsyslog

2014-11-11 10:26:00

Important: rsyslog

2022-05-31 23:50:00

Important: rsyslog

2022-05-31 23:47:00

K42903299 : rsyslog: remote syslog PRI vulnerability CVE-2014-3634

2017-07-06 00:00:00

mageia

Updated rsyslog packages fix CVE-2014-3634

2014-10-09 18:39:32

freebsd

rsyslog -- remote syslog PRI vulnerability

2014-09-30 00:00:00

redhat

(RHSA-2014:1397) Important: rsyslog security update

2014-10-13 00:00:00

(RHSA-2014:1654) Important: rsyslog7 security update

2014-10-16 00:00:00

(RHSA-2014:1671) Moderate: rsyslog5 and rsyslog security update

2014-10-20 00:00:00

fedora

[SECURITY] Fedora 20 Update: rsyslog-7.4.8-2.fc20

2014-10-16 02:02:22

[SECURITY] Fedora 19 Update: sysklogd-1.5-18.fc19

2014-10-27 03:28:59

[SECURITY] Fedora 20 Update: sysklogd-1.5-18.fc20

2014-10-27 03:28:07

veracode

Remote Code Execution (RCE)

2019-01-15 09:02:37

centos

rsyslog, rsyslog5 security update

2014-10-21 15:10:11

rsyslog7 security update

2014-10-20 18:15:12

rsyslog security update

2014-10-13 19:45:27

cvelist

CVE-2014-3634

2014-11-02 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8 High

AI Score

Confidence

High

0.228 Low

EPSS

Percentile

96.5%

JSON

Related for CVELIST:CVE-2014-3683