CVE-2014-3634

Published: 02/11/2014 Updated: 18/10/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

rsyslog prior to 7.6.6 and 8.x prior to 8.4.1, and sysklogd 1.5 and previous versions, allow remote malicious users to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

Vulnerable Product

sysklogd project sysklogd 1.3

sysklogd project sysklogd 1.2

sysklogd project sysklogd 1.1

sysklogd project sysklogd

sysklogd project sysklogd 1.4

sysklogd project sysklogd 1.4.1

rsyslog rsyslog 8.1.3

rsyslog rsyslog 8.1.4

rsyslog rsyslog 8.3.0

rsyslog rsyslog 8.1.5

rsyslog rsyslog 8.1.6

rsyslog rsyslog 8.3.3

rsyslog rsyslog 8.3.4

rsyslog rsyslog 8.3.1

rsyslog rsyslog 8.3.2

rsyslog rsyslog

rsyslog rsyslog 8.1.0

rsyslog rsyslog 8.2.0

rsyslog rsyslog 8.2.1

rsyslog rsyslog 8.3.5

rsyslog rsyslog 8.4.0

rsyslog rsyslog 8.1.1

rsyslog rsyslog 8.1.2

rsyslog rsyslog 8.2.2

rsyslog rsyslog 8.2.3

Vendor Advisories

Rsyslog could be made to crash if it received specially crafted input ...
Mancha discovered a vulnerability in rsyslog, a system for log processing. This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution. This vulnerability can be seen as an incompl ...
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack. For the stable distribution (wheezy), this problem has bee ...
A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon (CVE-2014-3634). A flaw ...
A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon (CVE-2014-3634) ...
A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon ...
ALAS-2022-211 Amazon Linux 2022 Security Advisory: ALAS-2022-211 Advisory Release Date: 2022-12-06 16:41 Pacific ...