Vulnerability Description
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsyslog | Rsyslog | <= 8.27.0 |
Related Weaknesses (CWE)
References
- https://github.com/rsyslog/rsyslog/blob/master/ChangeLog (Release Notes, Third Party Advisory)
- https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb3 (Third Party Advisory)
- https://github.com/rsyslog/rsyslog/pull/1565 (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20241227-0009/
FAQ
What is CVE-2017-12588?
CVE-2017-12588 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
How severe is CVE-2017-12588?
CVE-2017-12588 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12588?
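Check the references section above for vendor advisories and patch information; it includes the upstream pull request tagged as the patch (pull/1565). The affected product is Rsyslog (vendor: Rsyslog), versions <= 8.27.0; the description places the affected range before 8.28.0.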