CVE-2017-2808

Name of the Vulnerable Software and Affected Versions Ledger-CLI version 3.1.1

Description A use-after-free vulnerability exists in the account parsing component. This issue can be triggered by a specially crafted ledger file, potentially leading to arbitrary code execution. An attacker can exploit this by convincing a user to load a malicious journal file.

Recommendations For Ledger-CLI version 3.1.1, consider avoiding the use of potentially malicious ledger files until a fix is available. As a temporary workaround, restrict the loading of journal files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.