Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-3683

Published: 02/11/2014 Updated: 18/10/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Rsyslog

Vulnerability Summary

Integer overflow in rsyslog prior to 7.6.7 and 8.x prior to 8.4.2 and sysklogd 1.5 and previous versions allows remote malicious users to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rsyslog rsyslog 8.1.5

rsyslog rsyslog 8.1.6

rsyslog rsyslog 8.3.2

rsyslog rsyslog 8.3.3

rsyslog rsyslog

rsyslog rsyslog 8.1.0

rsyslog rsyslog 8.2.0

rsyslog rsyslog 8.2.1

rsyslog rsyslog 8.3.4

rsyslog rsyslog 8.3.5

rsyslog rsyslog 8.1.1

rsyslog rsyslog 8.1.2

rsyslog rsyslog 8.2.2

rsyslog rsyslog 8.2.3

rsyslog rsyslog 8.4.0

rsyslog rsyslog 8.4.1

rsyslog rsyslog 8.1.3

rsyslog rsyslog 8.1.4

rsyslog rsyslog 8.3.0

rsyslog rsyslog 8.3.1

sysklogd project sysklogd 1.4

sysklogd project sysklogd 1.4.1

sysklogd project sysklogd 1.3

sysklogd project sysklogd 1.2

sysklogd project sysklogd 1.1

sysklogd project sysklogd

Vendor Advisories

Ubuntu Security Notice: rsyslog vulnerabilities
Rsyslog could be made to crash if it received specially crafted input ...
Debian Security Advisories: DSA-3047-1 rsyslog -- security update
Mancha discovered a vulnerability in rsyslog, a system for log processing This vulnerability is an integer overflow that can be triggered by malformed messages to a server, if this one accepts data from untrusted sources, provoking message loss, denial of service and, potentially, remote code execution This vulnerability can be seen as an incompl ...
Red Hat: CVE-2014-3683
Integer overflow in rsyslog before 767 and 8x before 842 and sysklogd 15 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634 ...

References

CWE-189http://secunia.com/advisories/61494http://www.openwall.com/lists/oss-security/2014/10/03/1http://www.openwall.com/lists/oss-security/2014/09/30/15http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.htmlhttp://www.ubuntu.com/usn/USN-2381-1http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2014-10/msg00021.htmlhttp://www.debian.org/security/2014/dsa-3047http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttps://usn.ubuntu.com/2381-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-3683
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook