Back to search
CVE-2017-7555
Published: Aug 17, 2017
Modified: Sep 17, 2024
PUBLISHED
Description
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
| Vendor | Product | Versions |
|---|---|---|
Red Hat, Inc. | augeas | affected up to and including 1.8.0 |
Weaknesses (CWE)
References
https://puppet.com/security/cve/cve-2017-7555
x_refsource_CONFIRM
100378
vdb-entry
x_refsource_BID
RHSA-2017:2788
vendor-advisory
x_refsource_REDHAT
https://github.com/hercules-team/augeas/pull/480
x_refsource_MISC
DSA-3949
vendor-advisory
x_refsource_DEBIAN
RHSA-2019:2403
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now