Wind River Support Network

HomeDefectsLIN1018-9704
Fixed

LIN1018-9704 : Security Advisory - syslog-ng - CVE-2022-38725

Created: Sep 3, 2022    Updated: Feb 5, 2023
Resolved Date: Oct 31, 2022
Found In Version: 10.18.44.1
Fix Version: 10.18.44.29
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

https://nvd.nist.gov/vuln/detail/CVE-2022-38725

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube