CVE-2022-38725

Published: 23/01/2023 | Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 up to and including 3.37 allows remote malicious users to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Vulnerable Product

oneidentity syslog-ng store box

oneidentity syslog-ng

Vendor Advisories

It was discovered that an integer overflow in the RFC3164 parser of syslog-ng, a system logging daemon, may result in denial of service via malformed syslog messages. For the stable distribution (bullseye), this problem has been fixed in version 3281-2+deb11u1. We recommend that you upgrade your syslog-ng packages. For the detailed security statu ...