2023-04-03 13:39:50 |
Ghada Khalil |
description |
CVE-2022-38725: https://nvd.nist.gov/vuln/detail/CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-24963 fixed 7.5 N L N N H
References:
['syslog-ng_3.28.1-2_all.deb===>syslog-ng_3.28.1-2+deb11u1_all.deb', 'syslog-ng-core_3.28.1-2_amd64.deb===>syslog-ng-core_3.28.1-2+deb11u1_amd64.deb', 'syslog-ng-mod-mongodb_3.28.1-2_amd64.deb===>syslog-ng-mod-mongodb_3.28.1-2+deb11u1_amd64.deb', 'syslog-ng-mod-sql_3.28.1-2_amd64.deb===>syslog-ng-mod-sql_3.28.1-2+deb11u1_amd64.deb'] |
CVE-2022-38725: https://nvd.nist.gov/vuln/detail/CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-38725 fixed 7.5 N L N N H
References:
['syslog-ng_3.28.1-2_all.deb===>syslog-ng_3.28.1-2+deb11u1_all.deb', 'syslog-ng-core_3.28.1-2_amd64.deb===>syslog-ng-core_3.28.1-2+deb11u1_amd64.deb', 'syslog-ng-mod-mongodb_3.28.1-2_amd64.deb===>syslog-ng-mod-mongodb_3.28.1-2+deb11u1_amd64.deb', 'syslog-ng-mod-sql_3.28.1-2_amd64.deb===>syslog-ng-mod-sql_3.28.1-2+deb11u1_amd64.deb'] |
|