CVE-2022-38725

HIGH

One Identity syslog-ng 3.0-3.37 and Premium Edition < 7.0.32 - Denial of Service via RFC3164 Parser Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-38725. PoCs published by wdahlenburg.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2022-38725, an unauthenticated Denial of Service vulnerability in syslog-ng. It includes steps to reproduce the issue, root cause analysis, and references to the fix in the syslog-ng codebase.

Description

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.

Exploits (1)

nomisec WRITEUP

by wdahlenburg · poc

https://github.com/wdahlenburg/CVE-2022-38725

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2022-38725, an unauthenticated Denial of Service vulnerability in syslog-ng. It includes steps to reproduce the issue, root cause analysis, and references to the fix in the syslog-ng codebase.

Classification

Writeup 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: syslog-ng versions prior to 3.38.1

No auth needed

Prerequisites: Network access to the syslog-ng service

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7

Core References

Third Party Advisory

https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc

Third Party Advisory

https://lists.balabit.hu/pipermail/syslog-ng/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/02/msg00043.html

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5369

Third Party Advisory vendor-advisory

https://security.gentoo.org/glsa/202305-09

Scores

CVSS v3 7.5

EPSS 0.0240

EPSS Percentile 82.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (4)

oneidentity/syslog-ng < 3.38.1

oneidentity/syslog-ng < 7.0.32

oneidentity/syslog-ng_store_box < 6.0.5

oneidentity/syslog-ng_store_box < 7.0

Published Jan 23, 2023

Tracked Since Feb 18, 2026