CVE-2024-47619: 
syslog-ng vulnerability analysis and mitigation

CVE-2024-47619 affects syslog-ng, an enhanced log daemon, prior to version 4.8.2. The vulnerability relates to improper certificate validation in the TLS wildcard matching functionality. The issue was discovered during certification testing and was publicly disclosed on May 7, 2025 (GitHub Advisory).

The vulnerability exists in the tls_wildcard_match() function where it incorrectly matches certificates with patterns such as foo.*.bar and partial wildcards like foo.a*c.bar. The function uses g_pattern_match_simple() for matching, which allows more permissive pattern matching than should be allowed for TLS certificate validation. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability could potentially be exploited in man-in-the-middle situations where an attacker, knowing the original certificate names and guessing the wildcard string used, could create fake certificates that satisfy the guessed wildcard string. However, since this exploit requires inside information and does not lead to data loss or privileged access, it was assessed as having a low impact (GitHub Release).

The vulnerability has been fixed in syslog-ng version 4.8.2. The fix includes changes to ensure wildcards can only match the leading part and never match partially. Users are advised to upgrade to version 4.8.2 or later to address this security issue (GitHub Release).