CVE-2007-6437
syslog-ng - remote denial of service
EPSS 5.8%
Description
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
How to fix CVE-2007-6437
To remediate CVE-2007-6437, upgrade the affected package to a fixed version below.
- Debian/syslog-ng—upgrade to 2.0.6-1 or later
- Debian/syslog-ng—upgrade to 2.0.0-1etch1 or later
- Debian/syslog-ng—upgrade to 2.0.5-3+lenny1 or later
Is CVE-2007-6437 being exploited?
Moderate — EPSS is 5.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 2.0.6-1
- from 0, < 2.0.0-1etch1
- from 0, < 2.0.5-3+lenny1