发布于3月6日3月6日 Members SUSE: CVE-2022-38725: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/23/2023 Created 02/07/2023 Added 02/06/2023 Modified 01/28/2025 Description An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. Solution(s) suse-upgrade-libevtlog-3_35-0 suse-upgrade-syslog-ng suse-upgrade-syslog-ng-curl suse-upgrade-syslog-ng-devel suse-upgrade-syslog-ng-geoip suse-upgrade-syslog-ng-java suse-upgrade-syslog-ng-mqtt suse-upgrade-syslog-ng-python suse-upgrade-syslog-ng-redis suse-upgrade-syslog-ng-smtp suse-upgrade-syslog-ng-snmp suse-upgrade-syslog-ng-sql References https://attackerkb.com/topics/cve-2022-38725 CVE - 2022-38725
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。