ALT-PU-2017-1850-1
Closed vulnerabilities
Published: 2017-08-06
Modified: 2024-12-27
Modified: 2024-12-27
CVE-2017-12588
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/rsyslog/rsyslog/blob/master/ChangeLog
- https://github.com/rsyslog/rsyslog/blob/master/ChangeLog
- https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
- https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
- https://github.com/rsyslog/rsyslog/pull/1565
- https://github.com/rsyslog/rsyslog/pull/1565
- https://security.netapp.com/advisory/ntap-20241227-0009/