CVE-2019-17571

Priority
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to
deserialization of untrusted data. When the class listens for log data
on untrusted network traffic, this can be combined with a
deserialization gadget to remotely execute arbitrary code. This affects
Log4j 1.2 versions up to 1.2.17.
Notes
Package
Upstream: needs-triage
Ubuntu 18.04 LTS: released (1.2.17-8+deb10u1build0.18.04.1)
Ubuntu 20.04 LTS: not-affected (1.2.17-9)
Ubuntu 21.10: not-affected (1.2.17-9)
Ubuntu 22.04 LTS: not-affected (1.2.17-9)
Ubuntu 14.04 ESM: ignored (not in esm-main list)
Patches:
More Information

Updated: 2022-04-25 00:37:59 UTC (commit ecc1009cb19540b950de59270950018900f37f15)