Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-38725

Good to know:

icon

Date: January 22, 2023

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Language: C

Severity Score

Related Resources (12)

https://security-tracker.debian.org/tracker/CVE-2022-38725
https://nvd.nist.gov/vuln/detail/CVE-2022-38725
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
https://lists.balabit.hu/pipermail/syslog-ng/
https://security.gentoo.org/glsa/202305-09
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
https://www.debian.org/security/2023/dsa-5369
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
https://www.mend.io/vulnerability-database/CVE-2022-38725

Severity Score

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

icon

Upgrade Version

Upgrade to version syslog-ng-3.38.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us