syslog-ng Store Box may be affected when malformed log files are received as outlined in CVE-2022-38725 vulnerability.
How does this affect me?
Malformed log files sent to syslog-ng Premium Edition may impact the performance and or availability of the product.
The affected versions are all syslog-ng Store Box 6 versions.
Workaround
There is currently no workaround.
Resolution
A new version of syslog-ng Premium Edition is available which resolves this issue. Customers should upgrade as soon as possible to this newly released version.
Status
Versions (6.0.5 / 7.0.0) of Syslog-ng Store Box containing a resolution to the above is now available for download. Please visit the syslog-ng Store Box support portal and navigate to the downloads section.
We apologize for any inconvenience this issue may have caused.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
