CVE-2014-3683 — Integer Overflow or Wraparound in Rsyslog

CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

5.0MEDIUMNVD

CNA7.5OSV7.5

EPSS

2.9%

top 13.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rsyslog Sysklogd Project Sysklogd

Timeline

PublishedNov 2

Latest updateMay 17

Description

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Debianrsyslog/rsyslog< 8.4.2-1+3

▶Ubuntursyslog/rsyslog< 7.4.4-1ubuntu2.3

▶NVDrsyslog/rsyslog7.6.6+19

▶NVDsysklogd_project/sysklogd1.5+5

Patches

Patch: www.openwall.com ↗Patch: www.rsyslog.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-cj25-wc2v-fhxm: Integer overflow in rsyslog before 7↗2022-05-17

▶

OSV

CVE-2014-3683: Integer overflow in rsyslog before 7↗2014-11-02

▶

CVEList

CVE-2014-3683: Integer overflow in rsyslog before 7↗2014-11-02

▶

OSV

rsyslog vulnerabilities↗2014-10-09

▶

📋Vendor Advisories

Ubuntu

Rsyslog vulnerabilities↗2014-10-09

▶

Red Hat

rsyslog: integer overflow in PRI parsing↗2014-10-02

▶

Debian

CVE-2014-3683: rsyslog - Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 a...↗2014

▶

💬Community

Bugzilla

CVE-2014-3683 rsyslog: integer overflow in PRI parsing↗2014-10-03

▶

Bugzilla

CVE-2014-3634 rsyslog: remote syslog PRI vulnerability↗2014-09-16

▶