Wind River Support Network

HomeDefectsLIN1021-4254
Fixed

LIN1021-4254 : Security Advisory - syslog-ng - CVE-2022-38725

Created: Sep 3, 2022    Updated: Mar 31, 2023
Resolved Date: Nov 5, 2022
Found In Version: 10.21.20.1
Fix Version: 10.21.20.17
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

https://nvd.nist.gov/vuln/detail/CVE-2022-38725

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube