[3.7] augeas: Improper handling of escaped strings leading to memory corruption (CVE-2017-7555)
Augeas versions up to and including 1.8.0 are vulnerable to a heap-based
buffer overflow due to improper handling of escaped strings.
An attacker could send crafted strings that would cause the application
using augeas to copy past the end of a buffer, leading to a crash
or possible code execution.
Fixed In Version:
augeas 1.8.1
References:
https://github.com/hercules-team/augeas/pull/480
http://openwall.com/lists/oss-security/2017/08/17/3
(from redmine: issue id 7719, created on 2017-08-21, closed on 2017-08-22)
- Relations:
  - parent #7718 (closed)
- Changesets:
  - Revision 4c72797d by Natanael Copa on 2017-08-22T17:02:41Z:
    main/augeas: security upgrade to 1.8.1 (CVE-2017-7555)
    fixes #7719