CVE-2007-6437

2007-12-1921:46:00

CWE-20

[email protected]

web.nvd.nist.gov

balabit syslog-ng

cve-2007-6437

denial of service

crash

null pointer dereference

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.497 Medium

EPSS

Percentile

97.5%

JSON

Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.

Affected configurations

NVD

Node

balabitsyslog-ng_open_source_editionRange≤2.0.6

balabitsyslog-ng_premium_editionRange≤2.1.8

CPENameOperatorVersion
balabit:syslog-ng_open_source_editionbalabit syslog-ng open source editionle2.0.6
balabit:syslog-ng_premium_editionbalabit syslog-ng premium editionle2.1.8

CPE	Name	Operator	Version
balabit:syslog-ng_open_source_edition	balabit syslog-ng open source edition	le	2.0.6
balabit:syslog-ng_premium_edition	balabit syslog-ng premium edition	le	2.1.8