Wind River Support Network

HomeDefectsLIN10-10517
Fixed

LIN10-10517 : Security Advisory - syslog-ng - CVE-2022-38725

Created: Sep 3, 2022    Updated: Jan 24, 2023
Resolved Date: Oct 29, 2022
Found In Version: 10.17.41.1
Fix Version: 10.17.41.27
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

https://nvd.nist.gov/vuln/detail/CVE-2022-38725

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube