CVE-2017-10906

Published: Dec 8, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Affected (13)

Products: Fluentd: Fluentd · Redhat: Openstack

1 product

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Fluentd Fluentd	Version 0.12.29
Fluentd Fluentd	Version 0.12.30
Fluentd Fluentd	Version 0.12.31
Fluentd Fluentd	Version 0.12.32
Fluentd Fluentd	Version 0.12.33
Fluentd Fluentd	Version 0.12.34
Fluentd Fluentd	Version 0.12.35
Fluentd Fluentd	Version 0.12.36
Fluentd Fluentd	Version 0.12.37
Fluentd Fluentd	Version 0.12.38
Fluentd Fluentd	Version 0.12.39
Fluentd Fluentd	Version 0.12.40

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 13

References (8)

https://access.redhat.com/errata/RHSA-2018:2225

Source: vultures@jpcert.or.jp

Third Party Advisory

https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes

Source: vultures@jpcert.or.jp

Issue TrackingRelease NotesThird Party Advisory

https://github.com/fluent/fluentd/pull/1733

Source: vultures@jpcert.or.jp

Issue TrackingPatchThird Party Advisory

https://jvn.jp/en/vu/JVNVU95124098/index.html

Source: vultures@jpcert.or.jp

Issue TrackingThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:2225

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingRelease NotesThird Party Advisory

https://github.com/fluent/fluentd/pull/1733

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://jvn.jp/en/vu/JVNVU95124098/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

Timeline

No history available yet.