Thank you for the quick response!! 😊

 

Thanks & Regards,

Prachi Mayekar

ITI-Network Services

A Contingent Worker at Intel

For assistance, please visit us at https://it.intel.com

 

From: László Várady <laszlo.varady@axoflow.com>
Sent: Monday, October 16, 2023 2:00 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Cc: Mayekar, PrachiX <prachix.mayekar@intel.com>
Subject: Re: [syslog-ng] Vulnerability making News - HTTP/2 Rapid Reset DDoS CVE-2023-44487

 

Hi,

 

syslog-ng doesn't use HTTP/2 in its core, so we are not directly affected by CVE-2023-44487.

 

The gRPC plugin of syslog-ng may be affected indirectly through the gRPC libraries we use, but so far I haven't found any official comment on this by the gRPC developers other than the following fix in their Go library:

https://github.com/grpc/grpc-go/pull/6703

 

In summary, if you don't use the OpenTelemetry or Loki plugins of syslog-ng, syslog-ng is not affected by the above CVE.

If you use either the OpenTelemetry or the Loki plugins, please wait for the gRPC announcement on whether their C++ library is affected or not.

 

--

László Várady

 

On Mon, Oct 16, 2023 at 10:10 AM Mayekar, PrachiX <prachix.mayekar@intel.com> wrote:

Hi Team,

 

Are syslog products vulnerable to this vulnerability?

 

Need to know if Syslog is affected:

 

CVE-2023-44487 is a vulnerability in the HTTP/2 protocol that was recently used to launch DDoS attacks. The vulnerability allows for denial of service (DoS) because request cancellation can reset many streams quickly. https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

 

Thanks & Regards,

Prachi Mayekar

ITI-Network Services

A Contingent Worker at Intel

For assistance, please visit us at https://it.intel.com

 
