CVE-2018-8088

NameCVE-2018-8088
Descriptionorg.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs893684

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libslf4j-java (PTS)jessie1.7.7-1vulnerable
stretch1.7.22-1vulnerable
buster1.7.25-3fixed
bullseye1.7.30-1fixed
sid, trixie, bookworm1.7.32-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libslf4j-javasource(unstable)1.7.25-3unimportant893684

Notes

slf4j-ext module is not built by default
https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
https://jira.qos.ch/browse/SLF4J-430
https://jira.qos.ch/browse/SLF4J-431

Search for package or bug name: Reporting problems