CVE-2022-38725

Name: CVE-2022-38725

Description: An integer overflow in the RFC3164 (legacy BSD syslog) parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a denial of service via crafted syslog input received through the tcp() or network() source driver. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Source: CVE (NVD)

References: DLA-3348-1, DSA-5369-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release                         Version             Status
syslog-ng (PTS)   buster                          3.19.1-5            vulnerable
                  buster (security)               3.19.1-5+deb10u1    fixed
                  bullseye, bullseye (security)   3.28.1-2+deb11u1    fixed
                  bookworm                        3.38.1-5            fixed
                  sid                             4.3.1-2             fixed

The information below is based on the following data on fixed versions.

Package     Type     Release      Fixed Version       Urgency   Origin       Debian Bugs
syslog-ng   source   buster       3.19.1-5+deb10u1              DLA-3348-1
syslog-ng   source   bullseye     3.28.1-2+deb11u1              DSA-5369-1
syslog-ng   source   (unstable)   3.38.1-1
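The practical question this table answers is "is the syslog-ng on this host fixed?", and on Debian that is a package-version comparison, not an upstream-version comparison: buster and bullseye carry the fix at upstream 3.19.1 and 3.28.1, well inside the "3.0 through 3.37" range in the description. The script below is an added example (not part of the Debian tracker or the syslog-ng project). It re-implements dpkg's version-comparison algorithm so it runs without dpkg, and checks an installed version against the fixed versions in the table above. It assumes bookworm and sid inherit the (unstable) fix, 3.38.1-1, and it takes the release codename and installed version as command-line arguments rather than querying dpkg itself.

```python
"""Check an installed Debian syslog-ng version against the CVE-2022-38725 fixes.

Added example, not Debian tracker or syslog-ng project code. Run as:
    python3 check_cve_2022_38725.py <release> <installed-version>
e.g. python3 check_cve_2022_38725.py bullseye 3.28.1-2+deb11u1
"""
import sys

# Fixed versions from the tracker table above. bookworm and sid are assumed
# (not stated on the page) to carry the unstable fix, 3.38.1-1 or later.
FIXED_VERSIONS = {
    "buster": "3.19.1-5+deb10u1",
    "bullseye": "3.28.1-2+deb11u1",
    "bookworm": "3.38.1-1",
    "sid": "3.38.1-1",
}

# Upstream range from the description: 3.0 through 3.37 affected, 3.38 fixed.
UPSTREAM_FIRST_AFFECTED = "3.0"
UPSTREAM_FIRST_FIXED = "3.38"


def _order(c: str) -> int:
    """dpkg's character weight: '~' sorts before everything (even the end of
    the string), letters before other non-digits, end of string ('') before
    any other non-digit."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0


def _verrevcmp(a: str, b: str) -> int:
    """Compare one component (upstream or revision) the way dpkg's verrevcmp
    does: alternate non-digit runs (weighted by _order) and numeric runs,
    numeric runs compared by value after stripping leading zeros."""
    def ch(s: str, k: int) -> str:
        return s[k] if k < len(s) else ""

    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if ch(a, i).isdigit():   # a has more significant digits
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split [epoch:]upstream[-revision]; the revision follows the last '-'."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def is_fixed(release: str, installed: str) -> bool:
    """True if the installed package version is at or above the release's
    fixed version. This is the check that matters on Debian: the security
    uploads backport the fix without bumping the upstream version."""
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0


def upstream_in_affected_range(installed: str) -> bool:
    """True if the upstream part lies in 3.0 .. 3.37. Only meaningful for
    builds without a distribution backport; a Debian package can be in this
    range and still be fixed (see is_fixed)."""
    upstream = _split(installed)[1]
    return (compare_versions(upstream, UPSTREAM_FIRST_AFFECTED) >= 0
            and compare_versions(upstream, UPSTREAM_FIRST_FIXED) < 0)


if __name__ == "__main__":
    release, installed = sys.argv[1], sys.argv[2]
    fixed = is_fixed(release, installed)
    print(f"{release} syslog-ng {installed}: {'fixed' if fixed else 'VULNERABLE'}"
          f" (fixed version {FIXED_VERSIONS[release]};"
          f" upstream range affected: {upstream_in_affected_range(installed)})")
```

On a Debian host the installed version comes from `dpkg-query -W -f='${Version}' syslog-ng-core` and the codename from VERSION_CODENAME in /etc/os-release; feed those two strings to the script. The upstream-range function is deliberately separate so the two answers can disagree, which is exactly the buster and bullseye case.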

Notes

Upstream advisory: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
Upstream fix (pull request): https://github.com/syslog-ng/syslog-ng/pull/4110
