CVE-2014-3634

EPSS 29.4%

rsyslog - security update

Published: 11/2/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-3634

Description

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.

Affected packages (4)

Debian/inetutilsfrom 0, < 2:1.9.2.39.3a460-1
Debian/rsyslogfrom 0, < 8.4.1-1
Debian/rsyslogfrom 0, < 4.6.4-2+deb6u1
Debian/rsyslogfrom 0, < 5.8.11-3+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3634