Balabit Syslog-NG 1.4.x prior to 1.4.15, and 1.5.x prior to 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote malicious users to cause a denial of service and possibly execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oneidentity syslog-ng 1.4.0 |
||
oneidentity syslog-ng 1.4.7 |
||
oneidentity syslog-ng 1.4.8 |
||
oneidentity syslog-ng 1.4.9 |
||
oneidentity syslog-ng 1.4.10 |
||
oneidentity syslog-ng 1.4.15 |
||
oneidentity syslog-ng 1.5.15 |
||
oneidentity syslog-ng 1.5.20 |