CVE-2014-3683
rsyslog - security update
EPSS 2.9%
Description
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
How to fix CVE-2014-3683
To remediate CVE-2014-3683, upgrade the affected package to a fixed version below.
- Debian/rsyslog—upgrade to 8.4.2-1 or later
- Debian/rsyslog—upgrade to 5.8.11-3+deb7u2 or later
Is CVE-2014-3683 being exploited?
Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 8.4.2-1
- from 0, < 5.8.11-3+deb7u2