On Sun, Oct 12, 2014 at 4:12 AM, Tobias Stoeckmann <[email protected]> wrote:
> our syslogd is also vulnerable to rsyslog's CVE-2014-3634. The CVE is
> about parsing the priority from network clients. The priority boundary
> isn't properly checked, which could lead to out of bounds access later on.

Have you actually managed to make it crash? I've already committed a check for this when this first came out, mapping out of bounds pri values to LOG_USER, and at that time no one was able to crash the code without the check...

> Thoughts? Okays?

Meh, seems like overkill.

Philip Guenther
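An added example, not part of the message above and not OpenBSD's or rsyslog's code: one way to bounds-check a `<PRI>` prefix from a network client before the facility is used as a table index. The names `parse_pri`, `count_message` and `per_facility`, and the `LOG_USER | LOG_NOTICE` fallback, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <syslog.h>

/* Assumed fallback for rejected values: facility LOG_USER, severity LOG_NOTICE. */
#define DEFAULT_PRI (LOG_USER | LOG_NOTICE)
#define MAX_PRI     (LOG_FACMASK | LOG_PRIMASK)

static unsigned long per_facility[LOG_NFACILITIES];

/* Parse a leading "<NNN>" from an untrusted line; *body_off gets the body offset. */
int parse_pri(const char *msg, size_t *body_off)
{
    size_t i = 1;
    long pri = 0;

    *body_off = 0;
    if (msg[0] != '<' || !isdigit((unsigned char)msg[1]))
        return DEFAULT_PRI;                 /* no priority prefix */
    while (isdigit((unsigned char)msg[i])) {
        if (pri <= MAX_PRI)                 /* saturate: long digit runs cannot overflow */
            pri = pri * 10 + (msg[i] - '0');
        i++;
    }
    if (msg[i] != '>')
        return DEFAULT_PRI;                 /* unterminated prefix: whole line is body */
    *body_off = i + 1;
    /* The mask alone admits more facility numbers than LOG_NFACILITIES,
     * so the facility is also checked against the table size. */
    if (pri > MAX_PRI || LOG_FAC(pri) >= LOG_NFACILITIES)
        return DEFAULT_PRI;
    return (int)pri;
}

/* The "later on" access: safe only because parse_pri bounds the facility. */
int count_message(const char *msg)
{
    size_t off;
    int fac = LOG_FAC(parse_pri(msg, &off));

    per_facility[fac]++;
    return fac;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *s[] = { "<13>ok", "<191>local7.debug", "<192>fac 24", "<99999999999>huge" };
    for (size_t k = 0; k < sizeof s / sizeof s[0]; k++)
        printf("%-20s -> facility %d\n", s[k], count_message(s[k]));
    return 0;
}
```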
