Описание
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Ссылки
- Broken Link
- Third Party Advisory
- ExploitPatchVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Broken Link
- Third Party Advisory
- ExploitPatchVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:oneidentity:syslog-ng:1.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.5.15:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:syslog-ng:1.5.20:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.0653
Низкий
7.5 High
CVSS2
Дефекты
CWE-119
Связанные уязвимости
debian
почти 23 года назад
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when u ...
github
больше 3 лет назад
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
EPSS
Процентиль: 91%
0.0653
Низкий
7.5 High
CVSS2
Дефекты
CWE-119