VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-x565-pma5-aaab

Essentials
Severities (96)
References (17)
Severity details (17)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-x565-pma5-aaab
Aliases	CVE-2022-38725
Summary	An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
epss	0.01472	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01472	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01472	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01472	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.01474	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.04599	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
epss	0.31778	https://api.first.org/data/v1/epss?cve=CVE-2022-38725
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
ssvc	Track	https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
cvssv3.1	7.5	https://lists.balabit.hu/pipermail/syslog-ng/
ssvc	Track	https://lists.balabit.hu/pipermail/syslog-ng/
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-38725
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-38725
cvssv3.1	7.5	https://security.gentoo.org/glsa/202305-09
ssvc	Track	https://security.gentoo.org/glsa/202305-09
cvssv3.1	7.5	https://www.debian.org/security/2023/dsa-5369
ssvc	Track	https://www.debian.org/security/2023/dsa-5369

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-38725
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38725
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
		https://lists.balabit.hu/pipermail/syslog-ng/
		https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
		https://security.gentoo.org/glsa/202305-09
		https://www.debian.org/security/2023/dsa-5369
cpe:2.3:a:oneidentity:syslog-ng:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:::::-:::*
cpe:2.3:a:oneidentity:syslog-ng:::::premium:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng:::::premium:::*
cpe:2.3:a:oneidentity:syslog-ng_store_box:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng_store_box:::::-:::*
cpe:2.3:a:oneidentity:syslog-ng_store_box:::::lts:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oneidentity:syslog-ng_store_box:::::lts:::*
CVE-2022-38725		https://nvd.nist.gov/vuln/detail/CVE-2022-38725

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.balabit.hu/pipermail/syslog-ng/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://lists.balabit.hu/pipermail/syslog-ng/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38725

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-38725

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202305-09

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://security.gentoo.org/glsa/202305-09

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2023/dsa-5369

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:35:13Z/ Found at https://www.debian.org/security/2023/dsa-5369

Exploit Prediction Scoring System (EPSS)

Percentile	0.86470
EPSS Score	0.01472
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.