Home > Vulnerability Database > CVE-2024-47619

Mend.io Vulnerability Database

CVE-2024-47619

Good to know:

Date: May 7, 2025

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, "tls_wildcard_match()" matches on certificates such as "foo.*.bar" although that is not allowed. It is also possible to pass partial wildcards such as "foo.a*c.bar" which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.

Severity Score

7.5

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47619

Url: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2

Url: https://security-tracker.debian.org/tracker/CVE-2024-47619

Url: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg

Url: https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110

Url: https://lists.debian.org/debian-lts-announce/2025/05/msg00034.html

Url: https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006

Url: https://www.mend.io/vulnerability-database/CVE-2024-47619

Severity Score

7.5

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version https://github.com/syslog-ng/syslog-ng.git - syslog-ng-4.8.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47619

Good to know:

Date: May 7, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?