CVE-2022-38725
Published: 23 January 2023
Summary
CVE-2022-38725 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in One Identity syslog-ng. Its CVSS base score is 7.5 (High).
Its EPSS places it in the top 10.2% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
An integer overflow exists in the RFC3164 parser of One Identity syslog-ng versions 3.0 through 3.37, as well as syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0. The flaw, classified as CWE-190, is triggered when a crafted syslog message is received through the tcp() or network() source drivers and can crash the daemon or otherwise deny service. The CVSS 3.1 base score of 7.5 reflects a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on availability only.
Remote attackers exploit the flaw by sending specially crafted syslog input over TCP or network connections to an affected instance. Successful exploitation results in a denial of service that disrupts log collection and processing; confidentiality and integrity are not affected. On a central collector this also blinds downstream detection, because forwarded events from every client host stop arriving while the daemon is down.
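The advisory text above names the weakness class (CWE-190 in an RFC3164 parser) but not the field whose arithmetic wrapped, so the following is an added illustration of that class, not syslog-ng's code: an RFC 3164 PRI parser written with the vulnerable pattern (digits accumulated into a fixed-width integer with no bound on count or value) beside a hardened form that enforces the grammar's limits before any arithmetic can wrap. The sample headers are constructed; one uses the message from RFC 3164's own example and the other carries a PRI whose decimal value is 2^32 + 8.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative RFC 3164 PRI handling, NOT syslog-ng's parser.
 * RFC 3164 frames a message as "<PRI>TIMESTAMP HOSTNAME TAG: MSG", where PRI
 * is 1 to 3 decimal digits in the range 0..191 (facility * 8 + severity). */

/* Vulnerable pattern (CWE-190): digits are accumulated into a uint32_t with no
 * limit on digit count or value, so a long run of digits wraps modulo 2^32 and
 * yields an in-range-looking PRI that the rest of the parser then trusts.
 * Returns UINT32_MAX when the "<digits>" framing is absent. */
uint32_t parse_pri_unsafe(const char *msg)
{
    if (msg == NULL || msg[0] != '<')
        return UINT32_MAX;
    uint32_t pri = 0;
    size_t i = 1;
    while (msg[i] >= '0' && msg[i] <= '9') {
        pri = pri * 10u + (uint32_t)(msg[i] - '0');  /* wraps silently */
        i++;
    }
    if (i == 1 || msg[i] != '>')
        return UINT32_MAX;
    return pri;
}

/* Hardened form: cap the digit count at what the grammar allows (3), reject
 * values above 191, and report success separately from the value so a caller
 * cannot mistake an error for a PRI. With at most 3 digits the accumulator
 * never exceeds 999, so the multiplication can never wrap. */
bool parse_pri_safe(const char *msg, uint32_t *pri_out)
{
    if (msg == NULL || pri_out == NULL || msg[0] != '<')
        return false;
    uint32_t pri = 0;
    size_t i = 1;
    while (msg[i] >= '0' && msg[i] <= '9') {
        if (i > 3)                 /* a 4th digit: more than RFC 3164 permits */
            return false;
        pri = pri * 10u + (uint32_t)(msg[i] - '0');
        i++;
    }
    if (i == 1 || msg[i] != '>' || pri > 191)
        return false;
    *pri_out = pri;
    return true;
}

int main(void)
{
    /* Constructed inputs: the RFC 3164 example header, and a crafted header
     * whose PRI is 2^32 + 8 and therefore wraps to 8 in a uint32_t. */
    const char *normal  = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8";
    const char *crafted = "<4294967304>Oct 11 22:14:15 mymachine su: wrapped";
    uint32_t pri = 0;

    uint32_t u = parse_pri_unsafe(crafted);
    printf("unsafe(normal)  = %u\n", parse_pri_unsafe(normal));
    /* The wrapped value decodes as facility 1, severity 0: plausible, and wrong. */
    printf("unsafe(crafted) = %u (facility %u, severity %u)\n", u, u >> 3, u & 7u);
    printf("safe(normal)    = %s\n", parse_pri_safe(normal, &pri) ? "ok" : "rejected");
    printf("safe(crafted)   = %s\n", parse_pri_safe(crafted, &pri) ? "ok" : "rejected");
    return 0;
}
```

Build with `cc -std=c11 -Wall pri.c && ./a.out`. The unsafe parser reports PRI 8 for the crafted header and the hardened one rejects it on the fourth digit. In this toy the consequence is a silent misparse rather than the crash the advisory describes; the point is the class of defect, in which the fix is to bound the input before arithmetic instead of checking the result after it may already have wrapped.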
Vendor and distribution advisories, including the GitHub security advisory and the Debian, Fedora, and Balabit (syslog-ng's original vendor, now part of One Identity) lists, reference the patches and updated packages that correct the integer overflow in the parser. Administrators should apply those fixes or upgrade to a release outside the affected range given in those sources.
The EPSS score remains low, currently 0.0492 with a peak of 0.0587, indicating limited observed exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-41292
Vulnerability details
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
- CWE(s): CWE-190 Integer Overflow or Wraparound