Comment 0 for bug 2012868

Yue Tao (wrytao) wrote :

CVE-2022-38725: https://nvd.nist.gov/vuln/detail/CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Score:
cve_id          status  cvss3Score  av  ac  pr  ui  ai
CVE-2022-24963  fixed   7.5         N   L   N   N   H

References:
['syslog-ng_3.28.1-2_all.deb===>syslog-ng_3.28.1-2+deb11u1_all.deb',
 'syslog-ng-core_3.28.1-2_amd64.deb===>syslog-ng-core_3.28.1-2+deb11u1_amd64.deb',
 'syslog-ng-mod-mongodb_3.28.1-2_amd64.deb===>syslog-ng-mod-mongodb_3.28.1-2+deb11u1_amd64.deb',
 'syslog-ng-mod-sql_3.28.1-2_amd64.deb===>syslog-ng-mod-sql_3.28.1-2+deb11u1_amd64.deb']