augeas: Improper handling of escaped strings leading to memory corruption (CVE-2017-7555)
Augeas versions up to and including 1.8.0 are vulnerable to a heap-based
buffer overflow due to improper handling of escaped strings.
An attacker could send crafted strings that would cause an application
using augeas to copy past the end of a buffer, leading to a crash
or possible code execution.
Fixed In Version:
augeas 1.8.1
References:
https://github.com/hercules-team/augeas/pull/480
http://openwall.com/lists/oss-security/2017/08/17/3
(from redmine: issue id 7718, created on 2017-08-21, closed on 2017-08-22)
- Relations:
  - child #7719 (closed)
  - child #7720 (closed)
  - child #7721 (closed)
  - child #7722 (closed)
  - child #7723 (closed)