PT-2014-1904 · Sysklogd+5
Credited to: Mancha (+1)
Published 2014-10-02 · Updated 2024-06-15
CVE-2014-3683 · CVSS v2.0 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
rsyslog versions prior to 8.4.2
sysklogd version 1.5 and earlier
Description
The issue affects the rsyslog package in Gentoo Linux and can lead to a disruption in the confidentiality, integrity, and availability of protected information. It is caused by an integer overflow when parsing PRI values, which can be exploited remotely. By sending a specially crafted message, an attacker can cause the service to crash, resulting in a denial of service.
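The defensive counterpart to the bug described above, as an added example (this is not rsyslog's or sysklogd's own code): a PRI-prefix parser that caps the digit count before accumulating the value and rejects anything outside the valid syslog range 0..191, so an oversized PRI in a crafted message is discarded instead of overflowing or being passed on as an out-of-range facility/severity.

```c
#include <stdio.h>

/* Largest valid syslog PRI: facility 23 (local7) * 8 + severity 7 = 191. */
#define PRI_MAX 191
/* A valid PRI is at most three decimal digits; longer runs are rejected
   before they are ever accumulated into an int, so no overflow can occur. */
#define PRI_MAX_DIGITS 3

/* Parse the "<PRI>" prefix of a syslog message defensively.
   Returns the PRI (0..191) and sets *rest to the text after '>', or
   returns -1 if the prefix is missing, malformed, too long or out of range.
   Added example, not the project's own parser. */
int parse_pri(const char *msg, const char **rest)
{
    int pri = 0;
    int ndigits = 0;

    if (msg == NULL || msg[0] != '<')
        return -1;
    msg++;
    while (*msg >= '0' && *msg <= '9') {
        if (++ndigits > PRI_MAX_DIGITS)
            return -1;          /* refuse before any overflow is possible */
        pri = pri * 10 + (*msg - '0');
        msg++;
    }
    if (ndigits == 0 || *msg != '>')
        return -1;              /* "<>" or unterminated prefix */
    if (pri > PRI_MAX)
        return -1;              /* e.g. "<200>": syntactically fine, semantically invalid */
    if (rest)
        *rest = msg + 1;
    return pri;
}

/* Split a validated PRI into its facility and severity fields. */
int pri_facility(int pri) { return pri >> 3; }
int pri_severity(int pri) { return pri & 7; }

int main(void)
{
    /* Constructed sample messages: a well-formed one and an oversized PRI. */
    const char *good = "<34>Oct  2 12:00:00 host app: hello";
    const char *bad  = "<99999999999>Oct  2 12:00:00 host app: crafted";
    const char *rest = "";
    int pri = parse_pri(good, &rest);
    printf("good: pri=%d fac=%d sev=%d rest=\"%s\"\n",
           pri, pri_facility(pri), pri_severity(pri), rest);
    printf("bad: %d\n", parse_pri(bad, &rest));   /* -1: rejected, never accumulated */
    return 0;
}
```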
Recommendations
For rsyslog versions prior to 8.4.2, update to version 8.4.2 or later to resolve the issue.
For sysklogd version 1.5 and earlier, consider upgrading to a version later than 1.5 to mitigate the risk.
As a temporary workaround, consider restricting access to the PRI parsing functionality until a patch is available.
Exploit
Fix
DoS
Affected Products
ALT Linux
IBM AIX
SUSE
Ubuntu
rsyslog
sysklogd