View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-12588 severity critical: SUSE including 11 source package names (rsyslog, rsyslog-diag-tools, …), 133 product×package rows across 24 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (24 product lines)): Known Not Affected 133.
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.