CVE-2022-38725
PUBLISHED
A vulnerability exists in syslog-ng. The flaw is in the syslog-ng worker thread and is caused by unintended CPU resource consumption. A remote, anonymous attacker can exploit this vulnerability by sending a specially crafted syslog message to a syslog-ng source that accepts RFC3164-style messages, causing a denial-of-service condition.
Risk Scores
EPSS Score: 4.92% (89.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Open Source | Open Source Syslog-ng | <7.0.32 |
| SUSE | SUSE Linux | |
| Open Source | Open Source Syslog-ng | <3.38.1 |
| Open Source | Open Source Syslog-ng | <6.0.5 |
| Open Source | Open Source Syslog-ng | <7.0 LTS |
Exploit Intelligence
- Proof of Concept for CVE-2022-38725 against syslog-ng (github-poc-repo), 6 entries
- Proof of Concept for CVE-2022-38725 against syslog-ng (github-poc), 4 entries
…and 2 more exploits
Timeline
- Jan 23, 2023 CVE Published
- Jan 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 15, 2023 EPSS Score
- Jul 5, 2023 EPSS Score
- Aug 14, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Jan 23, 2024 EPSS Score
- Mar 3, 2024 EPSS Score
- May 23, 2024 EPSS Score
- Aug 12, 2024 EPSS Score
- Sep 21, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0203.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0203 advisory
- https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013705.html advisory
- https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html advisory
- https://lists.debian.org/debian-security-announce/2023/msg00058.html advisory
- https://www.ibm.com/support/pages/node/7173420 advisory