Critical Notification

syslog-ng Store Box

syslog-ng Store Box may be affected when malformed log files are received as outlined in CVE-2022-38725 vulnerability.

How does this affect me?

Malformed log files sent to syslog-ng Premium Edition may impact the performance and or availability of the product.

The affected versions are all syslog-ng Store Box 6 versions. 

Workaround 

There is currently no workaround. 

Resolution

A new version of syslog-ng Premium Edition is available which resolves this issue. Customers should upgrade as soon as possible to this newly released version.

Status

Versions (6.0.5 / 7.0.0) of Syslog-ng Store Box containing a resolution to the above is now available for download. Please visit the syslog-ng Store Box support portal and navigate to the downloads section. 

We apologize for any inconvenience this issue may have caused.