A denial of service vulnerability was discovered in rsyslog related to syslog input over the network.
Package | app-admin/syslog-ng on all architectures |
---|---|
Affected versions | < 3.38.1 |
Unaffected versions | >= 3.38.1 |
syslog-ng is a syslog replacement with advanced filtering features.
An integer overflow in the RFC3164 parser allows remote attackers to cause a denial of service via crafted syslog input that is mishandled by the tcp or network function.
Attackers able to send syslog input to syslog-ng over its network functionality can cause a denial of service.
There is no known workaround at this time.
All syslog-ng users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.38.1"
```
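To find hosts still inside the affected range, the following added example (not part of the original advisory) classifies an installed package atom against the fixed version 3.38.1. The function names and the sample atoms are assumptions made for illustration; fields are compared numerically, so 3.9.0 is treated as older than 3.38.1.

```shell
#!/bin/sh
# Added example: classify a syslog-ng package atom against the advisory's
# affected range (< 3.38.1). Function names are illustrative assumptions.
FIXED="3.38.1"

# Strip the package prefix and a Gentoo revision suffix (-rN) from an atom
# such as "app-admin/syslog-ng-3.38.0-r2", leaving "3.38.0".
atom_version() {
    v=${1#app-admin/syslog-ng-}
    printf '%s\n' "$v" | sed 's/-r[0-9][0-9]*$//'
}

# Return 0 when dotted version $1 is lower than $2. Each field is compared
# as an integer; a missing field counts as 0 (3.38 is lower than 3.38.1).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# Print "affected", "unaffected" or "unknown" for one atom. Anything that is
# not a plain dotted number (for example an _rc suffix) is reported as
# "unknown" rather than guessed at.
check_atom() {
    v=$(atom_version "$1")
    case $v in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$v" "$FIXED"; then echo "affected"; else echo "unaffected"; fi
}

# Constructed sample atoms, not taken from a real host.
for atom in app-admin/syslog-ng-3.9.0 app-admin/syslog-ng-3.38.1-r1; do
    printf '%s: %s\n' "$atom" "$(check_atom "$atom")"
done
```

On a Gentoo host with portage-utils installed, the atom to pass to `check_atom` can be taken from `qlist -Iv app-admin/syslog-ng`.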
Release date | May 03, 2023 |
---|---|
Latest revision | May 03, 2023: 1 |
Severity | normal |
Exploitable | remote |
Bugzilla entries