ALT-PU-2025-6086-3
Closed vulnerabilities
Published: 2023-01-10
BDU:2023-09093
Уязвимость анализатора RFC3164 утилиты для обработки логов Syslog-ng, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-01-23
Modified: 2025-04-03
Modified: 2025-04-03
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
- https://lists.balabit.hu/pipermail/syslog-ng/
- https://lists.balabit.hu/pipermail/syslog-ng/
- [debian-lts-announce] 20230228 [SECURITY] [DLA 3348-1] syslog-ng security update
- [debian-lts-announce] 20230228 [SECURITY] [DLA 3348-1] syslog-ng security update
- FEDORA-2023-43eb573065
- FEDORA-2023-43eb573065
- FEDORA-2023-3d44a41fa3
- FEDORA-2023-3d44a41fa3
- GLSA-202305-09
- GLSA-202305-09
- DSA-5369
- DSA-5369
Closed bugs
FTBFS на i586