Critical severity9.8NVD Advisory· Published Aug 6, 2017· Updated May 13, 2026

CVE-2017-12588

Description

The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

Affected products

Rsyslog/Rsyslog
cpe:2.3:a:rsyslog:rsyslog:*:*:*:*:*:*:*:*
Range: <=8.27.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/rsyslog/rsyslog/pull/1565nvdPatchThird Party Advisory
github.com/rsyslog/rsyslog/blob/master/ChangeLognvdRelease NotesThird Party Advisory
github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30bnvdThird Party Advisory
security.netapp.com/advisory/ntap-20241227-0009/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000