CVE-2014-3634

Published: Nov 2, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

Affected (25)

Products: Sysklogd Project: Sysklogd · Rsyslog: Rsyslog

Sysklogd Project

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sysklogd Project Sysklogd	Up to 1.5
Sysklogd Project Sysklogd	Version 1.1
Sysklogd Project Sysklogd	Version 1.2
Sysklogd Project Sysklogd	Version 1.3
Sysklogd Project Sysklogd	Version 1.4.1
Sysklogd Project Sysklogd	Version 1.4

Configuration B

19 vulnerable

Vulnerable Software	Affected Versions
Rsyslog Rsyslog	Up to 7.6.5
Rsyslog Rsyslog	Version 8.1.0
Rsyslog Rsyslog	Version 8.1.1
Rsyslog Rsyslog	Version 8.1.2
Rsyslog Rsyslog	Version 8.1.3
Rsyslog Rsyslog	Version 8.1.4
Rsyslog Rsyslog	Version 8.1.5
Rsyslog Rsyslog	Version 8.1.6
Rsyslog Rsyslog	Version 8.2.0
Rsyslog Rsyslog	Version 8.2.1
Rsyslog Rsyslog	Version 8.2.2
Rsyslog Rsyslog	Version 8.2.3
Rsyslog Rsyslog	Version 8.3.0
Rsyslog Rsyslog	Version 8.3.1
Rsyslog Rsyslog	Version 8.3.2
Rsyslog Rsyslog	Version 8.3.3
Rsyslog Rsyslog	Version 8.3.4
Rsyslog Rsyslog	Version 8.3.5
Rsyslog Rsyslog	Version 8.4.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (36)

http://advisories.mageia.org/MGASA-2014-0411.html

Source: secalert@redhat.com

http://linux.oracle.com/errata/ELSA-2014-1654

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1397.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1654.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1671.html

Source: secalert@redhat.com

http://secunia.com/advisories/61494

Source: secalert@redhat.com

http://secunia.com/advisories/61720

Source: secalert@redhat.com

http://secunia.com/advisories/61930

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3040

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:130

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/09/30/15

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/10/03/1

Source: secalert@redhat.com

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

http://www.rsyslog.com/remote-syslog-pri-vulnerability/

Source: secalert@redhat.com

ExploitPatchVendor Advisory

http://www.ubuntu.com/usn/USN-2381-1

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0411.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://linux.oracle.com/errata/ELSA-2014-1654

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1397.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1654.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1671.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61494

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61720

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61930

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3040

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:130

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/09/30/15

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/10/03/1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.rsyslog.com/remote-syslog-pri-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.ubuntu.com/usn/USN-2381-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.