Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
Rsyslog Rsyslog 8.3.0 (not an official CPE)
Rsyslog Rsyslog 8.2.1 (not an official CPE)
Rsyslog Rsyslog 8.1.2 (not an official CPE)
Rsyslog Rsyslog 8.2.0 (not an official CPE)
Rsyslog Rsyslog 8.1.1 (not an official CPE)
Rsyslog Rsyslog 7.6.6 (not an official CPE)
Sysklogd project Sysklogd 1.2 (not an official CPE)
Sysklogd project Sysklogd 1.3 (not an official CPE)
Sysklogd project Sysklogd 1.4 (not an official CPE)
Sysklogd project Sysklogd 1.1 (not an official CPE)
Rsyslog Rsyslog 8.4.0 (not an official CPE)
Rsyslog Rsyslog 8.3.1 (not an official CPE)
Rsyslog Rsyslog 8.2.2 (not an official CPE)
Rsyslog Rsyslog 8.1.3 (not an official CPE)
Rsyslog Rsyslog 8.3.4 (not an official CPE)
Rsyslog Rsyslog 8.1.6 (not an official CPE)
Rsyslog Rsyslog 8.3.3 (not an official CPE)
Rsyslog Rsyslog 8.1.5 (not an official CPE)
Sysklogd project Sysklogd 1.4.1 (not an official CPE)
Rsyslog Rsyslog 8.3.5 (not an official CPE)
Rsyslog Rsyslog 8.4.1 (not an official CPE)
Rsyslog Rsyslog 8.3.2 (not an official CPE)
Rsyslog Rsyslog 8.2.3 (not an official CPE)
Rsyslog Rsyslog 8.1.4 (not an official CPE)
Rsyslog Rsyslog 8.1.0 (not an official CPE)
Sysklogd project Sysklogd 1.5 (not an official CPE)