syslog-ng is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the integer overflow in the RFC3164
parser in the library, which allows an attacker to cause an application crash through the syslog input that is mishandled by the TCP or network function.
github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
lists.balabit.hu/pipermail/syslog-ng/
lists.debian.org/debian-lts-announce/2023/02/msg00043.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
lists.fedoraproject.org/archives/list/[email protected]/message/J3TZ7U2GQTAHVHJXSSEHQS5D2Q5T6SZB/
lists.fedoraproject.org/archives/list/[email protected]/message/QU36HCM3VZYANUYFC6XFYEYJEKQPA2Q7/
security-tracker.debian.org/tracker/CVE-2022-38725
security.gentoo.org/glsa/202305-09
www.debian.org/security/2023/dsa-5369