<div dir="ltr"><div dir="ltr"><div>Hi,</div><div><br></div><div>syslog-ng doesn't use HTTP/2 in its core, so we are not directly affected by CVE-2023-44487.</div><div><br></div><div>The gRPC plugin of syslog-ng may be affected indirectly through the gRPC libraries we use, but<span class="gmail-HwtZe" lang="en"><span class="gmail-jCAhz gmail-ChMk0b"><span class="gmail-ryNqvb"> so far I haven't found any official comment on this by the gRPC developers other than the following fix in their Go library:</span></span></span></div><div><a href="https://github.com/grpc/grpc-go/pull/6703">https://github.com/grpc/grpc-go/pull/6703</a></div><div><br></div><div>In summary, if you don't use the OpenTelemetry or Loki plugins of syslog-ng, syslog-ng is not affected by the above CVE.</div><div>If you use either the OpenTelemetry or the Loki plugins, please wait for the gRPC announcement whether their C++ library is affected or not.<br></div><div><br></div><div>--</div><div>László Várady<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Oct 16, 2023 at 10:10 AM Mayekar, PrachiX <<a href="mailto:prachix.mayekar@intel.com">prachix.mayekar@intel.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg4259575637719768759">
<div lang="EN-US" style="overflow-wrap: break-word;">
<div class="m_4259575637719768759WordSection1">
<p class="MsoNormal">Hi Team,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Are syslog products vulnerable to this vulnerability ?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Need to know if Syslog is affected:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="m_4259575637719768759MsoPlainText"><b><span lang="EN-CA">CVE-2023-44487 is a vulnerability in the HTTP/2 protocol that was recently used to launch DDoS attacks. The vulnerability allows for denial of service (DoS) because request cancellation can reset many streams quickly.
<a href="https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/" target="_blank">
<span style="color:windowtext;text-decoration:none">https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/</span></a><u></u><u></u></span></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><span style="color:rgb(68,114,196)">Thanks & Regards,<u></u><u></u></span></b></p>
<p class="MsoNormal"><b><span>Prachi Mayekar<u></u><u></u></span></b></p>
<p class="MsoNormal"><span>ITI-Network Services<u></u><u></u></span></p>
<p class="MsoNormal"><span>A Contingent Worker at Intel<u></u><u></u></span></p>
<p class="MsoNormal"><span>For assistance, please visit us at
<a href="https://it.intel.com/" target="_blank"><span style="color:blue">https://it.intel.com</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</div></blockquote></div></div>