CVE-2017-12588
Published: 6 August 2017
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
Priority
CVSS 3 base score: 9.8
Notes
Author | Note |
---|---|
mdeslaur | zmq3 modules aren't built in Debian/Ubuntu |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12588
- https://github.com/rsyslog/rsyslog/pull/1565
- https://github.com/rsyslog/rsyslog/blob/master/ChangeLog
- NVD
- Launchpad
- Debian