CVE-2022-38725 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-38725 Interim 1 8 2025-02-16T02:55:29Z current 2023-01-26T00:47:34Z 2025-02-16T02:55:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-38725 An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-February/013705.html E-Mail link for SUSE-SU-2023:0319-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KPVYCA5YR6CSNRS7QCCRAUZAWCZP53WG/ E-Mail link for openSUSE-SU-2023:0040-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLES12-SP5-SAP-Azure-LI-BYOS-Production SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Linux Enterprise Module for Legacy 12 SUSE Package Hub 15 SP4 openSUSE Leap 15.4 libevtlog-3_35-0-3.35.1-bp154.3.3.1 syslog-ng syslog-ng-3.35.1-bp154.3.3.1 syslog-ng-3.6.4-12.11.1 syslog-ng-curl-3.35.1-bp154.3.3.1 syslog-ng-devel-3.35.1-bp154.3.3.1 syslog-ng-geoip-3.35.1-bp154.3.3.1 syslog-ng-java-3.35.1-bp154.3.3.1 syslog-ng-mqtt-3.35.1-bp154.3.3.1 syslog-ng-python-3.35.1-bp154.3.3.1 syslog-ng-redis-3.35.1-bp154.3.3.1 syslog-ng-smtp-3.35.1-bp154.3.3.1 syslog-ng-snmp-3.35.1-bp154.3.3.1 syslog-ng-sql-3.35.1-bp154.3.3.1 syslog-ng-3.6.4-12.11.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production syslog-ng-3.6.4-12.11.1 as a component of SUSE Linux Enterprise Module for Legacy 12 libevtlog-3_35-0-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-curl-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-devel-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-geoip-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-java-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-mqtt-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-python-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-redis-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-smtp-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-snmp-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 syslog-ng-sql-3.35.1-bp154.3.3.1 as a component of SUSE Package Hub 15 SP4 libevtlog-3_35-0-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-curl-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-devel-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-geoip-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-java-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-mqtt-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-python-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-redis-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-smtp-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-snmp-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng-sql-3.35.1-bp154.3.3.1 as a component of openSUSE Leap 15.4 syslog-ng as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. CVE-2022-38725 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:syslog-ng-3.6.4-12.11.1 SUSE Linux Enterprise Module for Legacy 12:syslog-ng-3.6.4-12.11.1 SUSE Package Hub 15 SP4:libevtlog-3_35-0-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-curl-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-devel-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-geoip-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-java-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-mqtt-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-python-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-redis-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-smtp-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-snmp-3.35.1-bp154.3.3.1 SUSE Package Hub 15 SP4:syslog-ng-sql-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:libevtlog-3_35-0-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-curl-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-devel-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-geoip-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-java-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-mqtt-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-python-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-redis-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-smtp-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-snmp-3.35.1-bp154.3.3.1 openSUSE Leap 15.4:syslog-ng-sql-3.35.1-bp154.3.3.1 SUSE Linux Enterprise Server 11 SP3 for Teradata:syslog-ng important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H