#VU108768 Improper neutralization of wildcards or matching symbols in syslog-ng - CVE-2024-47619

Cybersecurity Help s.r.o.

Published: 2025-05-07

Vulnerability identifier: #VU108768

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47619

CWE-ID: CWE-155

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
syslog-ng
Server applications / Other server solutions

Vendor: One Identity

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists within the tls_wildcard_match() function when handling host names with wildcards. A remote attacker can bypass expected security restrictions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

syslog-ng: 3.6.1 - 4.8.1

External links
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Meinberg LANTIME firmware update for third-party components

Fedora EPEL 8 update for syslog-ng

Fedora EPEL 9 update for syslog-ng

Fedora 40 update for syslog-ng

Fedora 41 update for syslog-ng

Fedora 42 update for syslog-ng

MitM attack in syslog-ng