CVE-2024-47619: 
syslog-ng vulnerability analysis and mitigation

CVE-2024-47619 affects syslog-ng, an enhanced log daemon, prior to version 4.8.2. The vulnerability relates to improper certificate validation in the TLS wildcard matching functionality, where the tlswildcardmatch() function incorrectly matches certificates with patterns such as foo..bar and partial wildcards like foo.ac.bar, although such patterns should not be allowed (Wiz Database, GitHub Advisory).

The vulnerability exists in the tlswildcardmatch() function which uses gpatternmatch_simple() for matching, allowing more permissive pattern matching than should be allowed for TLS certificate validation. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (Wiz Database).

The vulnerability could potentially be exploited in man-in-the-middle situations where an attacker, knowing the original certificate names and guessing the wildcard string used, could create fake certificates that satisfy the guessed wildcard string. However, since this exploit requires inside information and does not lead to data loss or privileged access, it was assessed as having a low impact (GitHub Release).

The vulnerability has been fixed in syslog-ng version 4.8.2. The fix includes changes to ensure wildcards can only match the leading part and never match partially. Users are advised to upgrade to version 4.8.2 or later to address this security issue (GitHub Release).