thr3ads.net - llvm dev - [llvm-dev] Are any LLVM components affected by the recent log4j issues? [Dec 2021]

If this information is useful, please help other people find it:
Share via:

Kristof Beyls via llvm-dev

2021-Dec-23 07:30 UTC

[llvm-dev] Are any LLVM components affected by the recent log4j issues?

As one of the points of contact at CERT for LLVM, I've received messages
from CERT asking if LLVM is affected by any of the recent log4j
vulnerabilities: *CVE-2021-45105*, *CVE-2021-4104*, *CVE-2021-45046* and
*CVE-2021-44228*. It seems CERT is reaching out to every single vendor
registered with them about these vulnerabilities.

As far as I know no LLVM sub-project uses Java, so LLVM should not be
vulnerable to any of the log4j issues.
Before I go ahead and record in the CERT database that LLVM is not
affected, I thought I'd just double check if anyone is aware of any use of
Java in LLVM and/or any potential way LLVM could be affected by the recent
log4j issues?

Thanks,

Kristof
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20211223/9a627ee9/attachment.html>

llvm dev - Dec 2021 - Are any LLVM components affected by the recent log4j issues?

[llvm-dev] Are any LLVM components affected by the recent log4j issues?