VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-53pp-6csu-3uap

Essentials
Severities (43)
References (10)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-53pp-6csu-3uap
Aliases	CVE-2024-47619
Summary	syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo..bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.ac.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-295

Improper Certificate Validation

System	Score	Found at
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00021	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2024-47619
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110
ssvc	Track	https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110
cvssv3.1	7.5	https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
ssvc	Track	https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
cvssv3.1	7.5	https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
ssvc	Track	https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
cvssv3.1	7.5	https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
ssvc	Track	https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-47619
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47619
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2025/05/msg00034.html
1104890		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104890
CVE-2024-47619		https://nvd.nist.gov/vuln/detail/CVE-2024-47619
dadfdbecde5bfe710b0a6ee5699f96926b3f9006		https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
GHSA-xr54-gx74-fghg		https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
syslog-ng-4.8.2		https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
tls-verifier.c#L78-L110		https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/ Found at https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/ Found at https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/ Found at https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-07T17:22:10Z/ Found at https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

Exploit Prediction Scoring System (EPSS)

Percentile	0.02312
EPSS Score	0.00016
Published At	May 8, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-05-07T23:35:49.054553+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	36.0.0