Search for packages
Package details: pkg:deb/debian/syslog-ng@3.38.1-5
purl pkg:deb/debian/syslog-ng@3.38.1-5
Next non-vulnerable version 4.8.1-5
Latest non-vulnerable version 4.8.1-5
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-hdcc-cab9-x3eu
Aliases:
CVE-2024-47619
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
4.8.1-5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hdcc-cab9-x3eu syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue. CVE-2024-47619

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T14:02:06.989327+00:00 Debian Oval Importer Fixing VCID-hdcc-cab9-x3eu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:44:36.668760+00:00 Debian Importer Affected by VCID-hdcc-cab9-x3eu https://security-tracker.debian.org/tracker/data/json 37.0.0