An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-24963 fixed 7.5 N L N N H
CVE-2022-38725: https:/ /nvd.nist. gov/vuln/ detail/ CVE-2022- 38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-24963 fixed 7.5 N L N N H
References: ng_3.28. 1-2_all. deb===> syslog- ng_3.28. 1-2+deb11u1_ all.deb' , 'syslog- ng-core_ 3.28.1- 2_amd64. deb===> syslog- ng-core_ 3.28.1- 2+deb11u1_ amd64.deb' , 'syslog- ng-mod- mongodb_ 3.28.1- 2_amd64. deb===> syslog- ng-mod- mongodb_ 3.28.1- 2+deb11u1_ amd64.deb' , 'syslog- ng-mod- sql_3.28. 1-2_amd64. deb===> syslog- ng-mod- sql_3.28. 1-2+deb11u1_ amd64.deb' ]
['syslog-