{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-14T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2014:1297", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"}, {"name": "RHSA-2014:1671", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0411.html"}, {"name": "SUSE-SU-2014:1294", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"}, {"name": "openSUSE-SU-2014:1298", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"}, {"name": "RHSA-2014:1654", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html"}, {"name": "61720", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61720"}, {"name": "MDVSA-2015:130", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"}, {"name": "[oss-security] 20140930 vulnerability in rsyslog", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15"}, {"name": "61494", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61494"}, {"name": "RHSA-2014:1397", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1397.html"}, {"name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-1654"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"}, {"name": "USN-2381-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2381-1"}, {"name": "DSA-3040", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3040"}, {"name": "61930", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61930"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:1297", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"}, {"name": "RHSA-2014:1671", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0411.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0411.html"}, {"name": "SUSE-SU-2014:1294", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"}, {"name": "openSUSE-SU-2014:1298", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"}, {"name": "RHSA-2014:1654", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html"}, {"name": "61720", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61720"}, {"name": "MDVSA-2015:130", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"}, {"name": "[oss-security] 20140930 vulnerability in rsyslog", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15"}, {"name": "61494", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61494"}, {"name": "RHSA-2014:1397", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1397.html"}, {"name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-1654", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1654"}, {"name": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/", "refsource": "CONFIRM", "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"}, {"name": "USN-2381-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2381-1"}, {"name": "DSA-3040", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3040"}, {"name": "61930", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61930"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.205Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:1297", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"}, {"name": "RHSA-2014:1671", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0411.html"}, {"name": "SUSE-SU-2014:1294", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"}, {"name": "openSUSE-SU-2014:1298", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"}, {"name": "RHSA-2014:1654", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html"}, {"name": "61720", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61720"}, {"name": "MDVSA-2015:130", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"}, {"name": "[oss-security] 20140930 vulnerability in rsyslog", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15"}, {"name": "61494", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61494"}, {"name": "RHSA-2014:1397", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1397.html"}, {"name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-1654"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"}, {"name": "USN-2381-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2381-1"}, {"name": "DSA-3040", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3040"}, {"name": "61930", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61930"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3634", "datePublished": "2014-11-02T00:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.205Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8153176-4736-4C00-AEDA-B0C399CEF0FE", "versionEndIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7134FB84-BF8E-4044-9DF1-FB006CAEB82D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F8D4E4C-0BFB-4DA8-8A04-03F4BE1FBA6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4828D8F7-C422-453D-947F-2DA7FD7CE2FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "34FBFC21-907B-44C7-92D7-7533CA869F1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sysklogd_project:sysklogd:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF0B6E60-34CB-4AEB-898C-92B89397D913", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA324C56-7C20-448A-964C-E93F1EA126EC", "versionEndIncluding": "7.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "36DC9B2C-6F7E-4EB4-9C0F-1A64F4D26988", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3999B54-9597-435C-A1D3-63056A2F38FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5981F7C-A805-4D14-AFB5-B1390A1006D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D25EEF3-D5A9-4280-BCCA-AE95BCF53436", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D95D27C1-7D7F-4585-8116-E687D046FE41", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CB8B11FD-ABCF-4431-A48B-161191930104", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "3A51AF9A-1A30-4B53-959E-6C74C0AE8F41", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6657869-BAA3-4B0B-9192-13D1EA17CB14", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D18F510E-2047-4CF6-8E3A-082AF3BCEF76", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "45184D20-C855-4484-BE1A-D7BCFA09DF93", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "493EEAEA-7EB8-472C-8DD6-459D5C879A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAE90FB3-04A2-41F9-B14A-B64AFF0ED685", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "036D3F44-5164-4321-A9F7-D6DBF828DE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA6B5CF8-30AE-4308-B08E-0990EA4CC4A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "20391A5A-DA72-4BAE-A1D5-B8E8D0050E8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF252F0D-CE83-4EB9-BE77-2D9438D78B94", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "952748AE-C996-4B09-8C86-B27901F563AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rsyslog:rsyslog:8.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8FA1E622-26EF-4405-9665-64DE591850B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."}, {"lang": "es", "value": "rsyslog anterior a 7.6.6 y 8.x anterior a 8.4.1 y sysklogd 1.5 y anteriores permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda), posiblemente ejecutar c\u00f3digo arbitrario o tener otro impacto no especificado a trav\u00e9s de un valor de prioridad (PRI) manipulado que provoca un acceso a array fuera de rango."}], "id": "CVE-2014-3634", "lastModified": "2016-10-18T03:44:09.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-02T00:55:05.923", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0411.html"}, {"source": "secalert@redhat.com", "url": "http://linux.oracle.com/errata/ELSA-2014-1654"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1397.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61494"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61720"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61930"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3040"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/09/30/15"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2014/10/03/1"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2381-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Rainer Gerhards (rsyslog upstream) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:1671", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "moderate", "package": "rsyslog5-0:5.8.12-5.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-10-20T00:00:00Z"}, {"advisory": "RHSA-2014:1654", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "rsyslog7-0:7.4.10-3.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-16T00:00:00Z"}, {"advisory": "RHSA-2014:1671", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "moderate", "package": "rsyslog-0:5.8.10-9.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-20T00:00:00Z"}, {"advisory": "RHSA-2014:1397", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "rsyslog-0:7.4.7-7.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-10-13T00:00:00Z"}], "bugzilla": {"description": "rsyslog: remote syslog PRI vulnerability", "id": "1142373", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142373"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-129->CWE-119", "details": ["rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.", "A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon."], "name": "CVE-2014-3634", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "impact": "low", "package_name": "sysklogd", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Affected", "package_name": "rsyslog7", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "impact": "moderate", "package_name": "rsyslog", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-09-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3634\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3634\nhttp://www.rsyslog.com/remote-syslog-pri-vulnerability/"], "threat_severity": "Important", "upstream_fix": "rsyslog 7.6.6, rsyslog 8.4.1"}