rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rsyslog | rsyslog | 8.1.4 |
| rsyslog | rsyslog | * |
| rsyslog | rsyslog | 8.3.5 |
| rsyslog | rsyslog | 8.2.2 |
| sysklogd_project | sysklogd | 1.2 |
| rsyslog | rsyslog | 8.3.1 |
| rsyslog | rsyslog | 8.2.1 |
| rsyslog | rsyslog | 8.3.3 |
| sysklogd_project | sysklogd | 1.4 |
| sysklogd_project | sysklogd | 1.3 |
| sysklogd_project | sysklogd | 1.1 |
| rsyslog | rsyslog | 8.3.2 |
| rsyslog | rsyslog | 8.1.0 |
| rsyslog | rsyslog | 8.1.5 |
| rsyslog | rsyslog | 8.3.0 |
| sysklogd_project | sysklogd | * |
| rsyslog | rsyslog | 8.1.1 |
| rsyslog | rsyslog | 8.1.3 |
| rsyslog | rsyslog | 8.1.6 |
| rsyslog | rsyslog | 8.2.0 |
| sysklogd_project | sysklogd | 1.4.1 |
| rsyslog | rsyslog | 8.4.0 |
| rsyslog | rsyslog | 8.2.3 |
| rsyslog | rsyslog | 8.1.2 |
| rsyslog | rsyslog | 8.3.4 |
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rsyslog | rsyslog | 8.1.4 |
| rsyslog | rsyslog | * |
| rsyslog | rsyslog | 8.3.5 |
| rsyslog | rsyslog | 8.2.2 |
| sysklogd_project | sysklogd | 1.2 |
| rsyslog | rsyslog | 8.3.1 |
| rsyslog | rsyslog | 8.2.1 |
| rsyslog | rsyslog | 8.3.3 |
| sysklogd_project | sysklogd | 1.4 |
| sysklogd_project | sysklogd | 1.3 |
| sysklogd_project | sysklogd | 1.1 |
| rsyslog | rsyslog | 8.3.2 |
| rsyslog | rsyslog | 8.1.0 |
| rsyslog | rsyslog | 8.1.5 |
| rsyslog | rsyslog | 8.3.0 |
| sysklogd_project | sysklogd | * |
| rsyslog | rsyslog | 8.1.1 |
| rsyslog | rsyslog | 8.1.3 |
| rsyslog | rsyslog | 8.1.6 |
| rsyslog | rsyslog | 8.2.0 |
| sysklogd_project | sysklogd | 1.4.1 |
| rsyslog | rsyslog | 8.4.0 |
| rsyslog | rsyslog | 8.2.3 |
| rsyslog | rsyslog | 8.4.1 |
| rsyslog | rsyslog | 8.1.2 |
| rsyslog | rsyslog | 8.3.4 |