CVE-2018-8088

NameCVE-2018-8088
Descriptionorg.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs893684

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libslf4j-java (PTS)jessie1.7.7-1vulnerable
stretch1.7.22-1vulnerable
buster, sid1.7.25-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libslf4j-javasource(unstable)1.7.25-3unimportant893684

Notes

slf4j-ext module is not built by default
https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
https://jira.qos.ch/browse/SLF4J-430
https://jira.qos.ch/browse/SLF4J-431

Search for package or bug name: Reporting problems