CVE-2022-38725

Name
CVE-2022-38725
Description
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.balabit.hu/pipermail/syslog-ng/
MISC https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
MLIST https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
DEBIAN https://www.debian.org/security/2023/dsa-5369
GENTOO https://security.gentoo.org/glsa/202305-09
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:oneidentity:syslog-ng_store_box:*:*:*:*:lts:*:*:* syslog-ng_store_box >= None < 7.0
cpe:2.3:a:oneidentity:syslog-ng_store_box:*:*:*:*:-:*:*:* syslog-ng_store_box >= None < 6.0.5
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* syslog-ng >= None < 7.0.32
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:* syslog-ng >= None < 3.38.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
syslog-ng 3.18-main 4.1.1-r2 jv <jens@eisfair.org> possibly vulnerable
syslog-ng 3.17-main 3.38.1-r0 jv <jens@eisfair.org> possibly vulnerable
syslog-ng 3.16-main 3.36.1-r0 jv <jens@eisfair.org> possibly vulnerable
syslog-ng 3.15-main 3.30.1-r4 jv <jens@eisfair.org> possibly vulnerable
syslog-ng 3.19-main 4.5.0-r0 jv <jens@eisfair.org> possibly vulnerable
syslog-ng 3.20-main 4.7.1-r1 jv <jens@eisfair.org> possibly vulnerable
syslog-ng edge-main 4.8.0-r0 jv <jens@eisfair.org> possibly vulnerable