CVE-2022-38725: Integer Overflow
First published: Mon Jan 23 2023(Updated: )
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/syslog-ng | <=3.19.1-5 | 3.19.1-5+deb10u1 3.28.1-2+deb11u1 3.38.1-5 4.3.1-2 |
| Oneidentity Syslog-ng | <3.38.1 | |
| Oneidentity Syslog-ng | <7.0.32 | |
| Oneidentity Syslog-ng Store Box | <6.0.5 | |
| Oneidentity Syslog-ng Store Box | <7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
- https://github.com/syslog-ng/syslog-ng/pull/4110
- https://security-tracker.debian.org/tracker/CVE-2022-38725
- https://lists.balabit.hu/pipermail/syslog-ng/
- https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
- https://security.gentoo.org/glsa/202305-09
- https://www.debian.org/security/2023/dsa-5369
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
Frequently Asked Questions
What is CVE-2022-38725?
CVE-2022-38725 is an integer overflow vulnerability in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37, which allows remote attackers to cause a Denial of Service via crafted syslog input.
Which software products are affected by CVE-2022-38725?
The affected software products include One Identity syslog-ng versions 3.0 through 3.37, syslog-ng Premium Edition 7.0.30, and syslog-ng Store Box 6.10.0.
How can CVE-2022-38725 be exploited?
CVE-2022-38725 can be exploited by remote attackers sending crafted syslog input that is mishandled by the tcp or network function in the syslog-ng software.
What is the severity of CVE-2022-38725?
CVE-2022-38725 has a severity rating of 7.5 (high).
How can I fix CVE-2022-38725?
To fix CVE-2022-38725, update to One Identity syslog-ng version 3.38.1 or later, syslog-ng Premium Edition version 7.0.32 or later, or syslog-ng Store Box version 6.0.5 or later.
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- package-manager/debian
- vendor/oneidentity
- canonical/oneidentity syslog-ng
- canonical/oneidentity syslog-ng store box