Your submission was sent successfully! Close

CVE-2017-12588

Published: 6 August 2017

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

Notes

AuthorNote
mdeslaur
zmq3 modules aren't built in Debian/Ubuntu
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
rsyslog
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not compiled)
trusty Not vulnerable
(code not compiled)
upstream
Released (8.28.0-1)
xenial Not vulnerable
(code not compiled)
zesty Not vulnerable
(code not compiled)
Patches:
upstream: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b