Overview: 1 vulnerability

WSA CVE Score Severity Issue Scope Vulnerability type Versions Fix Release date
WSA-2017-2 CVE-2017-14727 7.5
Use of invalid pointer in build of log filename. Logger Access of uninitialized pointer 0.3.2 → 1.9 1.9.1

WSA-2017-2: [Logger] Use of invalid pointer in build of log filename.

Vulnerability
CVE
CVE-2017-14727 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Access of uninitialized pointer (detail)
Scope
Logger
Affected versions
0.3.2 → 1.9
Fixed version
1.9.1 () - ChangeLog
Tracker
Not available
Commits
Description
Date/time conversion specifiers are expanded after replacing buffer local variables in name of log files. In some cases, this can lead to an error in function strftime and a crash caused by the use of an uninitialized buffer.
Mitigation
You can unload the logger plugin, thus stopping recording of all buffers: /plugin unload logger.
Credit
The issue was discovered by Joseph Bisch.