{"affected":[{"ecosystem_specific":{"binaries":[{"libevtlog-3_35-0":"3.35.1-bp154.3.3.1","syslog-ng":"3.35.1-bp154.3.3.1","syslog-ng-curl":"3.35.1-bp154.3.3.1","syslog-ng-devel":"3.35.1-bp154.3.3.1","syslog-ng-geoip":"3.35.1-bp154.3.3.1","syslog-ng-java":"3.35.1-bp154.3.3.1","syslog-ng-mqtt":"3.35.1-bp154.3.3.1","syslog-ng-python":"3.35.1-bp154.3.3.1","syslog-ng-redis":"3.35.1-bp154.3.3.1","syslog-ng-smtp":"3.35.1-bp154.3.3.1","syslog-ng-snmp":"3.35.1-bp154.3.3.1","syslog-ng-sql":"3.35.1-bp154.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"syslog-ng","purl":"pkg:rpm/suse/syslog-ng&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.35.1-bp154.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libevtlog-3_35-0":"3.35.1-bp154.3.3.1","syslog-ng":"3.35.1-bp154.3.3.1","syslog-ng-curl":"3.35.1-bp154.3.3.1","syslog-ng-devel":"3.35.1-bp154.3.3.1","syslog-ng-geoip":"3.35.1-bp154.3.3.1","syslog-ng-java":"3.35.1-bp154.3.3.1","syslog-ng-mqtt":"3.35.1-bp154.3.3.1","syslog-ng-python":"3.35.1-bp154.3.3.1","syslog-ng-redis":"3.35.1-bp154.3.3.1","syslog-ng-smtp":"3.35.1-bp154.3.3.1","syslog-ng-snmp":"3.35.1-bp154.3.3.1","syslog-ng-sql":"3.35.1-bp154.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"syslog-ng","purl":"pkg:rpm/opensuse/syslog-ng&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.35.1-bp154.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for syslog-ng fixes the following issues:\n\n- CVE-2022-38725: Fixed integer overflow in parsers that allowed a remote denial of service (boo#1207460)\n","id":"openSUSE-SU-2023:0040-1","modified":"2023-02-03T17:01:12Z","published":"2023-02-03T17:01:12Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KPVYCA5YR6CSNRS7QCCRAUZAWCZP53WG/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207460"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-38725"}],"related":["CVE-2022-38725"],"summary":"Security update for syslog-ng","upstream":["CVE-2022-38725"]}