CVE-2014-3634

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sysklogd_project:sysklogd:*:*:*:*:*:*:*:*
cpe:2.3:a:sysklogd_project:sysklogd:1.1:*:*:*:*:*:*:*
cpe:2.3:a:sysklogd_project:sysklogd:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sysklogd_project:sysklogd:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sysklogd_project:sysklogd:1.4:*:*:*:*:*:*:*
cpe:2.3:a:sysklogd_project:sysklogd:1.4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rsyslog:rsyslog:8.4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-02 00:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-3634

Mitre link : CVE-2014-3634

CVE.ORG link : CVE-2014-3634


JSON object : View

Products Affected

rsyslog

  • rsyslog

sysklogd_project

  • sysklogd
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer