CVE-2014-3683

Published: Nov 2, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Affected (26)

Products: Rsyslog: Rsyslog · Sysklogd Project: Sysklogd

1 product

Sysklogd Project

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Rsyslog Rsyslog	Up to 7.6.6
Rsyslog Rsyslog	Version 8.1.0
Rsyslog Rsyslog	Version 8.1.1
Rsyslog Rsyslog	Version 8.1.2
Rsyslog Rsyslog	Version 8.1.3
Rsyslog Rsyslog	Version 8.1.4
Rsyslog Rsyslog	Version 8.1.5
Rsyslog Rsyslog	Version 8.1.6
Rsyslog Rsyslog	Version 8.2.0
Rsyslog Rsyslog	Version 8.2.1
Rsyslog Rsyslog	Version 8.2.2
Rsyslog Rsyslog	Version 8.2.3
Rsyslog Rsyslog	Version 8.3.0
Rsyslog Rsyslog	Version 8.3.1
Rsyslog Rsyslog	Version 8.3.2
Rsyslog Rsyslog	Version 8.3.3
Rsyslog Rsyslog	Version 8.3.4
Rsyslog Rsyslog	Version 8.3.5
Rsyslog Rsyslog	Version 8.4.0
Rsyslog Rsyslog	Version 8.4.1

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Sysklogd Project Sysklogd	Up to 1.5
Sysklogd Project Sysklogd	Version 1.1
Sysklogd Project Sysklogd	Version 1.2
Sysklogd Project Sysklogd	Version 1.3
Sysklogd Project Sysklogd	Version 1.4.1
Sysklogd Project Sysklogd	Version 1.4

Related CWEs

References (20)

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

Source: secalert@redhat.com

http://secunia.com/advisories/61494

Source: secalert@redhat.com

http://www.debian.org/security/2014/dsa-3047

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/09/30/15

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2014/10/03/1

Source: secalert@redhat.com

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

Source: secalert@redhat.com

ExploitPatchVendor Advisory

http://www.ubuntu.com/usn/USN-2381-1

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/61494

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-3047

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/09/30/15

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/10/03/1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.ubuntu.com/usn/USN-2381-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.