PT-2017-4282 · Rsyslog+1

Published: 2017-05-18 · Updated: 2024-12-27 · CVE-2017-12588

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Rsyslog versions prior to 8.28.0
Description: The issue stems from insufficient processing of format strings in the zmq3 input and output modules of Rsyslog, a log-processing utility, which potentially allows a format string attack. Exploitation of this issue could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations: For versions prior to 8.28.0, update to version 8.28.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the zmq3 input and output modules to minimize the risk of exploitation.
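
A host check for the recommendation above, added here as an example and not part of the advisory or the Rsyslog project: it compares the version reported by rsyslogd with the fixed release 8.28.0 and looks for configuration lines that load the zmq3 modules. The module names imzmq3 and omzmq3, the sample banner and the sample configuration are assumptions constructed for illustration.

```python
import re

FIXED = (8, 28, 0)  # first fixed release named in the advisory

# Assumption: the zmq3 modules are loaded under the names imzmq3 / omzmq3,
# via legacy "$ModLoad" or RainerScript "module(load=...)" syntax.
ZMQ3_LOAD = re.compile(
    r'''^\s*(?:\$ModLoad\s+|module\s*\(\s*load\s*=\s*["'])(?:.*/)?(imzmq3|omzmq3)\b''',
    re.IGNORECASE)

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "rsyslogd 8.24.0, compiled with:"
SAMPLE_CONF = """\
module(load="imuxsock")
# module(load="imzmq3")  commented out, must be ignored
module(load="omzmq3")
$ModLoad /usr/lib64/rsyslog/imzmq3.so
"""

def parse_version(banner):
    """Return (major, minor, patch) from `rsyslogd -v` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return tuple(int(part) for part in m.groups())

def zmq3_modules(config_text):
    """Return the sorted zmq3 module names loaded by non-comment config lines."""
    found = set()
    for line in config_text.splitlines():
        active = line.split("#", 1)[0]  # drop trailing and full-line comments
        m = ZMQ3_LOAD.match(active)
        if m:
            found.add(m.group(1).lower())
    return sorted(found)

def assess(banner, config_text):
    """Classify a host as 'fixed', 'exposed' (old + zmq3 loaded) or 'outdated'."""
    modules = zmq3_modules(config_text)
    if parse_version(banner) >= FIXED:
        return "fixed", modules
    return ("exposed" if modules else "outdated"), modules

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

On a real host, pass the output of `rsyslogd -v` and the concatenated contents of the rsyslog configuration files to `assess`.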

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

ALT-PU-2017-1850
BDU:2023-07737
CVE-2017-12588

Affected Products

Alt Linux
Rsyslog