CVE-2014-3683

Published: 02 October 2014

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
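The following is an added example, not code from rsyslog, sysklogd or this advisory: a PRI parser that bounds both the digit count and the value, so the result can neither wrap an integer nor index past a facility or severity table. The names `parse_pri`, `pri_facility` and `pri_severity` are hypothetical; the 0..191 range comes from the syslog PRI definition (facility * 8 + severity), and the fallback of 13 follows the RFC 3164 convention for a missing or invalid PRI.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PRI_MAX     191  /* 23 (highest facility) * 8 + 7 (highest severity) */
#define PRI_DEFAULT 13   /* user.notice, used when PRI is absent or invalid */

/* Hypothetical helper: parse "<NNN>" at the start of msg.
 * Returns the number of bytes consumed, or 0 if there is no valid PRI.
 * *pri is always left in the range 0..PRI_MAX. */
size_t parse_pri(const char *msg, size_t len, int *pri)
{
    size_t i = 1;
    int val = 0;

    *pri = PRI_DEFAULT;
    if (len < 3 || msg[0] != '<')
        return 0;
    /* Accept at most three digits: val stays <= 999 and cannot wrap. */
    while (i < len && i <= 3 && msg[i] >= '0' && msg[i] <= '9') {
        val = val * 10 + (msg[i] - '0');
        i++;
    }
    /* Reject empty PRI, missing '>', a fourth digit, or a value above 191. */
    if (i == 1 || i >= len || msg[i] != '>' || val > PRI_MAX)
        return 0;
    *pri = val;
    return i + 1;
}

/* Safe as table indexes only because parse_pri bounded the value. */
int pri_facility(int pri) { return pri >> 3; }  /* 0..23 */
int pri_severity(int pri) { return pri & 7; }   /* 0..7  */

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "<34>su: test", "<191>x", "<192>x",
                              "<99999999999999999999>x", "no pri" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int pri;
        size_t used = parse_pri(samples[k], strlen(samples[k]), &pri);
        printf("%-26s used=%zu facility=%d severity=%d\n", samples[k],
               used, pri_facility(pri), pri_severity(pri));
    }
    return 0;
}
```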

Priority

Medium

Status

Package Release Status
rsyslog
Upstream Released (8.4.2,7.6.7)
Ubuntu 16.04 LTS (Xenial Xerus) Released (7.4.4-1ubuntu11)
Ubuntu 14.04 ESM (Trusty Tahr) Released (7.4.4-1ubuntu2.3)
Ubuntu 12.04 ESM (Precise Pangolin) Released (5.8.6-1ubuntu8.9)
sysklogd
Upstream Needs triage
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needed)