CVE-2014-3683

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
rsyslogrsyslog
𝑥
≤ 7.6.6
rsyslogrsyslog
8.1.0
rsyslogrsyslog
8.1.1
rsyslogrsyslog
8.1.2
rsyslogrsyslog
8.1.3
rsyslogrsyslog
8.1.4
rsyslogrsyslog
8.1.5
rsyslogrsyslog
8.1.6
rsyslogrsyslog
8.2.0
rsyslogrsyslog
8.2.1
rsyslogrsyslog
8.2.2
rsyslogrsyslog
8.2.3
rsyslogrsyslog
8.3.0
rsyslogrsyslog
8.3.1
rsyslogrsyslog
8.3.2
rsyslogrsyslog
8.3.3
rsyslogrsyslog
8.3.4
rsyslogrsyslog
8.3.5
rsyslogrsyslog
8.4.0
rsyslogrsyslog
8.4.1
sysklogd_projectsysklogd
𝑥
≤ 1.5
sysklogd_projectsysklogd
1.1
sysklogd_projectsysklogd
1.2
sysklogd_projectsysklogd
1.3
sysklogd_projectsysklogd
1.4
sysklogd_projectsysklogd
1.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rsyslog
bookworm
8.2302.0-1
fixed
bullseye
8.2102.0-2+deb11u1
fixed
bullseye (security)
8.2102.0-2+deb11u1
fixed
sid
8.2410.0-1
fixed
trixie
8.2410.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsyslog
lucid
Fixed 4.2.0-2ubuntu8.3
released
precise
Fixed 5.8.6-1ubuntu8.9
released
trusty
Fixed 7.4.4-1ubuntu2.3
released
utopic
Fixed 7.4.4-1ubuntu11
released
vivid
Fixed 7.4.4-1ubuntu11
released
wily
Fixed 7.4.4-1ubuntu11
released
xenial
Fixed 7.4.4-1ubuntu11
released
yakkety
Fixed 7.4.4-1ubuntu11
released
zesty
Fixed 7.4.4-1ubuntu11
released
sysklogd
lucid
ignored
precise
ignored
trusty
dne
utopic
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
rsyslog
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
rsyslog-diag-tools
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
rsyslog-doc
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
rsyslog-module-gssapi
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-gtls
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-mmnormalize
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
rsyslog-module-mysql
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-pgsql
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-relp
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-snmp
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
rsyslog-module-udpspoof
suse enterprise sap 12
8.4.0-5.1
fixed
suse enterprise sap 12 SP5
8.24.0-3.28.2
fixed
suse enterprise sap 15
8.33.1-1.30
fixed
suse enterprise sap 15 SP1
8.33.1-3.9.1
fixed
suse enterprise server 12
8.4.0-5.1
fixed
suse enterprise server 12 SP2
8.4.0-14.1
fixed
suse enterprise server 12 SP5
8.24.0-3.28.2
fixed
suse enterprise server 15
8.33.1-1.30
fixed
suse enterprise server 15 SP1
8.33.1-3.9.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
http://secunia.com/advisories/61494
http://www.debian.org/security/2014/dsa-3047
http://www.openwall.com/lists/oss-security/2014/09/30/15
http://www.openwall.com/lists/oss-security/2014/10/03/1
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
http://www.ubuntu.com/usn/USN-2381-1
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html
http://secunia.com/advisories/61494
http://www.debian.org/security/2014/dsa-3047
http://www.openwall.com/lists/oss-security/2014/09/30/15
http://www.openwall.com/lists/oss-security/2014/10/03/1
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
http://www.ubuntu.com/usn/USN-2381-1