Vulnerabilities > CVE-2017-10906

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

fluentd

redhat

critical

NVD

Published: 2017-12-08

Updated: 2021-08-04

Summary

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Fluentd Fluentd Fluentd 0.12.31 Fluentd Fluentd 0.12.33 Fluentd Fluentd 0.12.40 Fluentd Fluentd 0.12.35 Fluentd Fluentd 0.12.36 Fluentd Fluentd 0.12.37 Fluentd Fluentd 0.12.38 Fluentd Fluentd 0.12.29 Fluentd Fluentd 0.12.30 Fluentd Fluentd 0.12.32 Fluentd Fluentd 0.12.34 Fluentd Fluentd 0.12.39	12
Application	Redhat Redhat Openstack 13	1

Redhat

advisories

rhsa

id	RHSA-2018:2225

rpms

fluentd-0:0.12.41-1.el7

References

https://jvn.jp/en/vu/JVNVU95124098/index.html
https://github.com/fluent/fluentd/pull/1733
https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
https://access.redhat.com/errata/RHSA-2018:2225

Vulnerabilities > CVE-2017-10906 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-10906"}]}

Summary

Vulnerable Configurations

Redhat

References

Vulnerabilities > CVE-2017-10906