[syslog-ng] Vulnerability making News - HTTP/2 Rapid Reset DDoS CVE-2023-44487

Mayekar, PrachiX prachix.mayekar at intel.com
Mon Oct 16 08:35:47 UTC 2023


Thank you for the quick response!! 😊

Thanks & Regards,
Prachi Mayekar
ITI-Network Services
A Contingent Worker at Intel
For assistance, please visit us at https://it.intel.com<https://it.intel.com/>

From: László Várady <laszlo.varady at axoflow.com>
Sent: Monday, October 16, 2023 2:00 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Cc: Mayekar, PrachiX <prachix.mayekar at intel.com>
Subject: Re: [syslog-ng] Vulnerability making News - HTTP/2 Rapid Reset DDoS CVE-2023-44487

Hi,

syslog-ng doesn't use HTTP/2 in its core, so we are not directly affected by CVE-2023-44487.

The gRPC plugin of syslog-ng may be affected indirectly through the gRPC libraries we use, but so far I haven't found any official comment on this by the gRPC developers other than the following fix in their Go library:
https://github.com/grpc/grpc-go/pull/6703

In summary, if you don't use the OpenTelemetry or Loki plugins of syslog-ng, syslog-ng is not affected by the above CVE.
If you use either the OpenTelemetry or the Loki plugins, please wait for the gRPC announcement whether their C++ library is affected or not.

--
László Várady

On Mon, Oct 16, 2023 at 10:10 AM Mayekar, PrachiX <prachix.mayekar at intel.com<mailto:prachix.mayekar at intel.com>> wrote:
Hi Team,

Are syslog products vulnerable to this vulnerability ?

Need to know if Syslog is affected:


CVE-2023-44487 is a vulnerability in the HTTP/2 protocol that was recently used to launch DDoS attacks. The vulnerability allows for denial of service (DoS) because request cancellation can reset many streams quickly. https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

Thanks & Regards,
Prachi Mayekar
ITI-Network Services
A Contingent Worker at Intel
For assistance, please visit us at https://it.intel.com<https://it.intel.com/>

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20231016/2c877e75/attachment-0001.htm>


More information about the syslog-ng mailing list