CVE-2014-3683
Description
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.849
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Enhanced syslogd (USN-2381-1) rsyslog_7.4.4-1ubuntu2.3_i386.deb | Linux |
| Enhanced syslogd (USN-2381-1) rsyslog_7.4.4-1ubuntu2.3_amd64.deb | Linux |
| rsyslog security update (DSA-3047-1) rsyslog_8.4.2-1_kfreebsd-i386.deb | Linux |
| rsyslog security update (DSA-3047-1) rsyslog_8.4.2-1_kfreebsd-amd64.deb | Linux |
| CVE-2014-3683 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234