An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2023-01-23 16:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-38725
Mitre link : CVE-2022-38725
CVE.ORG link : CVE-2022-38725
JSON object : View
Products Affected
oneidentity
- syslog-ng
- syslog-ng_store_box
CWE
CWE-190
Integer Overflow or Wraparound