Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd
1.5 and earlier allows remote attackers to cause a denial of service
(crash) via a large priority (PRI) value. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2014-3634.
Author | Note |
---|---|
mdeslaur | incomplete fix for CVE-2014-3634 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | rsyslog | < 4.2.0-2ubuntu8.3 | UNKNOWN |
ubuntu | 12.04 | noarch | rsyslog | < 5.8.6-1ubuntu8.9 | UNKNOWN |
ubuntu | 14.04 | noarch | rsyslog | < 7.4.4-1ubuntu2.3 | UNKNOWN |
ubuntu | 14.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
ubuntu | 15.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
ubuntu | 15.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
ubuntu | 16.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
ubuntu | 16.10 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |
ubuntu | 17.04 | noarch | rsyslog | < 7.4.4-1ubuntu11 | UNKNOWN |