Cyber Resilience

CVE-2022-38725

High

Published: 23 January 2023

Modified: 03 April 2025
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0492 (89.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-38725 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in One Identity syslog-ng. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 10.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

An integer overflow vulnerability exists in the RFC3164 parser in One Identity syslog-ng versions 3.0 through 3.37, as well as syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0. The flaw, classified as CWE-190, is triggered when crafted syslog messages are processed by the tcp or network input functions, potentially leading to a crash or other denial-of-service conditions. The issue carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, low attack complexity, no required privileges or user interaction, and high impact on availability.

Remote attackers can exploit the vulnerability by sending specially crafted syslog input over TCP or network connections to affected instances. Successful exploitation results in a denial of service, disrupting log collection and processing without affecting confidentiality or integrity.

Vendor and distribution advisories, including the GitHub security advisory and lists from Debian, Fedora, and Balabit, reference patches and updated packages that address the integer overflow in the parser. Administrators are directed to apply the fixes or upgrade to non-vulnerable releases as outlined in those sources.

The associated EPSS score remains low, with a current value of 0.0492 and a peak of 0.0587, indicating limited observed exploitation interest following disclosure.

Vulnerability details

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

oneidentity syslog-ng: ≤ 3.38.1 · ≤ 7.0.32
oneidentity syslog-ng store box: ≤ 6.0.5 · ≤ 7.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
