PT-2017-3339 · Augeas+5
Published: 2017-08-17 · Updated: 2018-03-09 · CVE-2017-7555
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Augeas versions up to and including 1.8.0
Description
The issue is a heap-based buffer overflow caused by improper handling of escaped strings. An attacker could send crafted strings that cause an application using Augeas to copy past the end of a buffer, leading to a crash or possible code execution. A remote attacker can exploit this to execute arbitrary code or cause a denial of service.
Recommendations
For Augeas versions up to and including 1.8.0, update to a version later than 1.8.0 to resolve the issue.
At the moment, there is no information about other specific mitigation measures for this vulnerability.
Fix
Buffer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Augeas
CentOS
Red Hat
SUSE
Ubuntu