CVE-2017-7555
NONE EPSS 91.2%
Published Aug 17, 2017
Last Modified Jun 17, 2026
Description
Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using Augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Threat Intelligence
EPSS Exploit Probability
91.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
CWE-122
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| augeas | augeas | * | ≤1.8.0 |
References 6
- debian.org http://www.debian.org/security/2017/dsa-3949
- securityfocus.com http://www.securityfocus.com/bid/100378
- access.redhat.com https://access.redhat.com/errata/RHSA-2017:2788
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:2403
- github.com https://github.com/hercules-team/augeas/pull/480
- puppet.com https://puppet.com/security/cve/cve-2017-7555
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.