CVE-2014-3634
CVE-2014-3634 and CVE-2014-3683 affect rsyslog (and sysklogd prior to 1.5). A crafted PRI value can trigger out-of-bounds/heap-based access, leading to denial of service and potentially remote code execution. In practice, rsyslog versions affected include 7.x before 7.6.7 and 8.x before 8.4.2 (an...
CVE-2014-3683
CVE-2014-3683 is an rsyslog-related integer overflow vulnerability: rsyslog before 7.6.7 and 8.x before 8.4.2 (and sysklogd 1.5 and earlier) can crash the daemon when processing a crafted high PRI value, enabling a remote DoS. The issue stems from an incomplete fix for CVE-2014-3634. Public advis...