MidnightBSD

Advisories for sysklogd_project

CVE-2014-3634 HIGH

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
rsyslog rsyslog 8.1.4
rsyslog rsyslog *
rsyslog rsyslog 8.3.5
rsyslog rsyslog 8.2.2
sysklogd_project sysklogd 1.2
rsyslog rsyslog 8.3.1
rsyslog rsyslog 8.2.1
rsyslog rsyslog 8.3.3
sysklogd_project sysklogd 1.4
sysklogd_project sysklogd 1.3
sysklogd_project sysklogd 1.1
rsyslog rsyslog 8.3.2
rsyslog rsyslog 8.1.0
rsyslog rsyslog 8.1.5
rsyslog rsyslog 8.3.0
sysklogd_project sysklogd *
rsyslog rsyslog 8.1.1
rsyslog rsyslog 8.1.3
rsyslog rsyslog 8.1.6
rsyslog rsyslog 8.2.0
sysklogd_project sysklogd 1.4.1
rsyslog rsyslog 8.4.0
rsyslog rsyslog 8.2.3
rsyslog rsyslog 8.1.2
rsyslog rsyslog 8.3.4
CVE-2014-3683 MEDIUM

Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
rsyslog rsyslog 8.1.4
rsyslog rsyslog *
rsyslog rsyslog 8.3.5
rsyslog rsyslog 8.2.2
sysklogd_project sysklogd 1.2
rsyslog rsyslog 8.3.1
rsyslog rsyslog 8.2.1
rsyslog rsyslog 8.3.3
sysklogd_project sysklogd 1.4
sysklogd_project sysklogd 1.3
sysklogd_project sysklogd 1.1
rsyslog rsyslog 8.3.2
rsyslog rsyslog 8.1.0
rsyslog rsyslog 8.1.5
rsyslog rsyslog 8.3.0
sysklogd_project sysklogd *
rsyslog rsyslog 8.1.1
rsyslog rsyslog 8.1.3
rsyslog rsyslog 8.1.6
rsyslog rsyslog 8.2.0
sysklogd_project sysklogd 1.4.1
rsyslog rsyslog 8.4.0
rsyslog rsyslog 8.2.3
rsyslog rsyslog 8.4.1
rsyslog rsyslog 8.1.2
rsyslog rsyslog 8.3.4