VDB
CVE-2017-5929
CVE-2017-5929
PUBLISHED
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
EPSS 10.14% · 93.3th percentile
Risk Scores
EPSS Score
10.14%
93.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | logback | 0, 1:1.1.3-2, 1:1.1.3-2ubuntu0.1~esm1 |
Exploit Intelligence
- 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 (hackerone)
- 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 (hackerone)
- 2 vulnerabilities of arbitrary code in ████████ - CVE-2017-5929 (hackerone)
- CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data (hackerone)
- CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data (hackerone)
- CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data (hackerone)
Timeline
- CVE Published
- Oct 8, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Oct 18, 2022 PoC Published
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 11, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5929 third-party-advisory
- https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8 third-party-advisory
- https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9 third-party-advisory
- https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5 third-party-advisory
- https://github.com/qos-ch/logback/commit/3b4f605454534b304770eeee3cb343521fcd6968 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5929 third-party-advisory
- Multiples vulnérabilités dans les produits Juniper advisory