Vulnerability CVE-2014-3683: Information

Description

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Severity: MEDIUM (5.0)

Published: Nov. 2, 2014
Modified: Oct. 18, 2016
Error type identifier: CWE-189

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| rsyslog | sisyphus | 8.4.2-alt1 | 8.2404.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
| rsyslog | p10 | 8.4.2-alt1 | 8.2304.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
| rsyslog | p9 | 8.4.2-alt1 | 8.1901.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
| rsyslog | c10f1 | 8.4.2-alt1 | 8.2304.0-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |
| rsyslog | c9f2 | 8.4.2-alt1 | 8.2204.1-alt1 | ALT-PU-2014-2253-1 | 131840 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:rsyslog:rsyslog:8.3.5:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.2.2:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.2.1:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.2.3:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.6:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.2:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.1:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.4.1:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.3.2:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.3.4:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.4:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.3.3:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.3.0:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.4.0:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.5:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*
      End including: 7.6.6

      cpe:2.3:a:rsyslog:rsyslog:8.1.0:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.3.1:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.1.3:*:*:*:*:*:*:*

      cpe:2.3:a:rsyslog:rsyslog:8.2.0:*:*:*:*:*:*:*

    2. Configuration 2

      cpe:2.3:a:sysklogd_project:sysklogd:1.4.1:*:*:*:*:*:*:*

      cpe:2.3:a:sysklogd_project:sysklogd:1.3:*:*:*:*:*:*:*

      cpe:2.3:a:sysklogd_project:sysklogd:1.1:*:*:*:*:*:*:*

      cpe:2.3:a:sysklogd_project:sysklogd:1.4:*:*:*:*:*:*:*

      cpe:2.3:a:sysklogd_project:sysklogd:1.2:*:*:*:*:*:*:*

      cpe:2.3:a:sysklogd_project:sysklogd:*:*:*:*:*:*:*:*
      End including: 1.5