[Debian] CVE: CVE-2022-38725: syslog-ng: An integer overflow in the RFC3164 parser
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | ZhangXiao | |
Bug Description
CVE-2022-38725: https:/
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Score:
cve_id | status | cvss3Score | av | ac | pr | ui | ai |
---|---|---|---|---|---|---|---|
CVE-2022-38725 | fixed | 7.5 | N | L | N | N | H |
References:
['syslog-
CVE References
information type: Public → Public Security
Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.9.0 stx.security
Changed in starlingx:
assignee: nobody → ZhangXiao (zhangxiao-windriver)
description: updated
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/879344