CVE-2022-38725

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Un desbordamiento de enteros en el analizador RFC3164 en One Identity syslog-ng 3.0 a 3.37 permite a atacantes remotos provocar una Denegación de Servicio a través de una entrada syslog manipulada que es mal manejada por el tcp o la función de red. syslog-ng Premium Edition 7.0.30 y syslog-ng Store Box 6.10.0 también se ven afectados.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-24 CVE Reserved
2023-01-23 CVE Published
2024-08-03 CVE Updated
2024-08-12 First Exploit
2024-09-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (8)

URL	Tag	Source
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc	Third Party Advisory
https://lists.balabit.hu/pipermail/syslog-ng	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html	Mailing List

URL	Date	SRC
https://github.com/wdahlenburg/CVE-2022-38725	2024-08-12

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7	2023-11-07
https://security.gentoo.org/glsa/202305-09	2023-11-07
https://www.debian.org/security/2023/dsa-5369	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oneidentity Search vendor "Oneidentity"		Syslog-ng Search vendor "Oneidentity" for product "Syslog-ng"				< 3.38.1 Search vendor "Oneidentity" for product "Syslog-ng" and version " < 3.38.1"		-		Affected
Oneidentity Search vendor "Oneidentity"		Syslog-ng Search vendor "Oneidentity" for product "Syslog-ng"				< 7.0.32 Search vendor "Oneidentity" for product "Syslog-ng" and version " < 7.0.32"		premium		Affected
Oneidentity Search vendor "Oneidentity"		Syslog-ng Store Box Search vendor "Oneidentity" for product "Syslog-ng Store Box"				< 6.0.5 Search vendor "Oneidentity" for product "Syslog-ng Store Box" and version " < 6.0.5"		-		Affected
Oneidentity Search vendor "Oneidentity"		Syslog-ng Store Box Search vendor "Oneidentity" for product "Syslog-ng Store Box"				< 7.0 Search vendor "Oneidentity" for product "Syslog-ng Store Box" and version " < 7.0"		lts		Affected