CVE-2022-38725

CVSS V2 None CVSS V3 None
Description
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Overview
  • CVE ID
  • CVE-2022-38725
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-01-23T16:15:10
  • Last Modified Date
  • 2023-05-03T12:16:12
Weakness Enumerations
CWE URL
CWE-190 http://cwe.mitre.org/data/definitions/190.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:* 1 OR 3.38.1
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* 1 OR 7.0.32
cpe:2.3:a:oneidentity:syslog-ng_store_box:*:*:*:*:-:*:*:* 1 OR 6.0.5
cpe:2.3:a:oneidentity:syslog-ng_store_box:*:*:*:*:lts:*:*:* 1 OR 7.0
References
Reference URL Reference Tags
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc Third Party Advisory
https://lists.balabit.hu/pipermail/syslog-ng/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
https://security.gentoo.org/glsa/202305-09
https://www.debian.org/security/2023/dsa-5369
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-38725
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725
History
Created Old Value New Value Data Type Notes
2023-01-23 17:13:56 Added to TrackCVE
2023-01-23 19:14:25 2023-01-23T17:17:06 CVE Modified Date updated
2023-01-23 19:14:25 Received Awaiting Analysis Vulnerability Status updated
2023-01-31 14:13:39 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-03 17:14:35 2023-02-03T16:52:33 CVE Modified Date updated
2023-02-03 17:14:35 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-03 17:14:36 Weakness Enumeration new
2023-02-03 17:14:36 CPE Information updated
2023-02-15 03:15:54 2023-02-15T03:15:10 CVE Modified Date updated
2023-02-15 03:15:54 Analyzed Modified Vulnerability Status updated
2023-02-15 03:15:54 References updated
2023-03-01 03:17:05 2023-03-01T02:15:51 CVE Modified Date updated
2023-03-01 03:17:05 References updated
2023-03-06 16:16:00 2023-03-06T16:15:09 CVE Modified Date updated
2023-03-06 16:16:01 References updated
2023-05-03 13:03:58 2023-05-03T12:16:12 CVE Modified Date updated
2023-05-03 13:04:09 References updated