CVE-2014-3634

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
sysklogd_projectsysklogd
𝑥
≤ 1.5
sysklogd_projectsysklogd
1.1
sysklogd_projectsysklogd
1.2
sysklogd_projectsysklogd
1.3
sysklogd_projectsysklogd
1.4
sysklogd_projectsysklogd
1.4.1
rsyslogrsyslog
𝑥
≤ 7.6.5
rsyslogrsyslog
8.1.0
rsyslogrsyslog
8.1.1
rsyslogrsyslog
8.1.2
rsyslogrsyslog
8.1.3
rsyslogrsyslog
8.1.4
rsyslogrsyslog
8.1.5
rsyslogrsyslog
8.1.6
rsyslogrsyslog
8.2.0
rsyslogrsyslog
8.2.1
rsyslogrsyslog
8.2.2
rsyslogrsyslog
8.2.3
rsyslogrsyslog
8.3.0
rsyslogrsyslog
8.3.1
rsyslogrsyslog
8.3.2
rsyslogrsyslog
8.3.3
rsyslogrsyslog
8.3.4
rsyslogrsyslog
8.3.5
rsyslogrsyslog
8.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
inetutils
bullseye
2:2.0-1+deb11u2
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
2:2.4-2+deb12u1
fixed
sid
2:2.5-5
fixed
trixie
2:2.5-5
fixed
rsyslog
bullseye (security)
8.2102.0-2+deb11u1
fixed
bullseye
8.2102.0-2+deb11u1
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
8.2302.0-1
fixed
sid
8.2410.0-1
fixed
trixie
8.2410.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsyslog
zesty
Fixed 7.4.4-1ubuntu11
released
yakkety
Fixed 7.4.4-1ubuntu11
released
xenial
Fixed 7.4.4-1ubuntu11
released
wily
Fixed 7.4.4-1ubuntu11
released
vivid
Fixed 7.4.4-1ubuntu11
released
utopic
Fixed 7.4.4-1ubuntu11
released
trusty
Fixed 7.4.4-1ubuntu2.3
released
precise
Fixed 5.8.6-1ubuntu8.9
released
lucid
Fixed 4.2.0-2ubuntu8.3
released
sysklogd
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0411.html
http://linux.oracle.com/errata/ELSA-2014-1654
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
http://rhn.redhat.com/errata/RHSA-2014-1397.html
http://rhn.redhat.com/errata/RHSA-2014-1654.html
http://rhn.redhat.com/errata/RHSA-2014-1671.html
http://secunia.com/advisories/61494
http://secunia.com/advisories/61720
http://secunia.com/advisories/61930
http://www.debian.org/security/2014/dsa-3040
http://www.mandriva.com/security/advisories?name=MDVSA-2015:130
http://www.openwall.com/lists/oss-security/2014/09/30/15
http://www.openwall.com/lists/oss-security/2014/10/03/1
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.rsyslog.com/remote-syslog-pri-vulnerability/
http://www.ubuntu.com/usn/USN-2381-1
http://advisories.mageia.org/MGASA-2014-0411.html
http://linux.oracle.com/errata/ELSA-2014-1654
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
http://rhn.redhat.com/errata/RHSA-2014-1397.html
http://rhn.redhat.com/errata/RHSA-2014-1654.html
http://rhn.redhat.com/errata/RHSA-2014-1671.html
http://secunia.com/advisories/61494
http://secunia.com/advisories/61720
http://secunia.com/advisories/61930
http://www.debian.org/security/2014/dsa-3040
http://www.mandriva.com/security/advisories?name=MDVSA-2015:130
http://www.openwall.com/lists/oss-security/2014/09/30/15
http://www.openwall.com/lists/oss-security/2014/10/03/1
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.rsyslog.com/remote-syslog-pri-vulnerability/
http://www.ubuntu.com/usn/USN-2381-1