PT-2023-7985 · One Identity+3 · syslog-ng Store Box+5

Bazsi · Published 2023-01-10 · Updated 2024-08-12 · CVE-2022-38725

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

One Identity syslog-ng versions 3.0 through 3.37
syslog-ng Premium Edition version 7.0.30
syslog-ng Store Box version 6.10.0

Description

An integer overflow in the RFC3164 parser allows remote attackers to cause a Denial of Service. The overflow is triggered by crafted syslog input that is mishandled by the tcp or network function.

Recommendations

For One Identity syslog-ng versions 3.0 through 3.37, consider disabling the RFC3164 parser until a patch is available.
For syslog-ng Premium Edition version 7.0.30, restrict access to the tcp and network functions to minimize the risk of exploitation.
For syslog-ng Store Box version 6.10.0, avoid using the affected RFC3164 parser in the syslog input handling process until the issue is resolved.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

AZL-13205
AZL-35289
BDU:2023-09093
CVE-2022-38725
DLA-3348-1
DSA-5369-1
GHSA-7932-4FC6-PVMC
OPENSUSE-SU-2023:0040-1
SUSE-SU-2023:0319-1
SUSE-SU-2023_0319-1

Affected Products

Astra Linux
RED OS
SUSE
syslog-ng
syslog-ng Premium Edition
syslog-ng Store Box