SUSE CVE-2011-1951

lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service memory consumption via a message that does not match a regular expression...

SUSE CVE-2011-3200

Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service application exit via a long TAG in a legacy syslog message...

SUSE CVE-2014-3634

rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service crash, possibly execute arbitrary code, or have other unspecified impact via a crafted priority PRI value that triggers an out-of-bounds array access...

SUSE CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges...

SUSE CVE-2020-8019

A UNIX Symbolic Link Symlink Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

SUSE CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

SUSE CVE-2022-39046

An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...

[SECURITY] Fedora 37 Update: syslog-ng-3.37.1-2.fc37

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

[SECURITY] Fedora 36 Update: syslog-ng-3.35.1-4.fc36

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

Fedora: Security Advisory for syslog-ng (FEDORA-2023-3d44a41fa3)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for syslog-ng (FEDORA-2023-43eb573065)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES12 Security Update : syslog-ng (SUSE-SU-2023:0319-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0319-1 advisory. - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service...

Fedora 36 : syslog-ng (2023-43eb573065)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-43eb573065 advisory. Security fix for CVE-2022-38725 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Fedora 37 : syslog-ng (2023-3d44a41fa3)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3d44a41fa3 advisory. Security fix for CVE-2022-38725 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

SUSE: Security Advisory (SUSE-SU-2023:0319-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:0319-1 Security update for syslog-ng

This update for syslog-ng fixes the following issues: - CVE-2022-38725: Fixed an integer overflow in the RFC3164 protocol parser bsc1207460...

openSUSE 15 Security Update : syslog-ng (openSUSE-SU-2023:0040-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0040-1 advisory. - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted...

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

...

Security update for syslog-ng (moderate)

openSUSE Security Update: Security update for syslog-ng Announcement ID: openSUSE-SU-2023:0040-1 Rating: moderate References: 1207460 Cross-References: CVE-2022-38725 CVSS scores: CVE-2022-38725 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38725 SUSE: 7.5...

OPENSUSE-SU-2023:0040-1 Security update for syslog-ng

This update for syslog-ng fixes the following issues: - CVE-2022-38725: Fixed integer overflow in parsers that allowed a remote denial of service boo1207460...