CVE-2017-7555

Priority
Medium
Description
Augeas versions up to and including 1.8.0 are vulnerable to heap-based
buffer overflow due to improper handling of escaped strings. Attacker could
send crafted strings that would cause the application using augeas to copy
past the end of a buffer, leading to a crash or possible code execution.
References
Bugs
Assigned-to
leosilva
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (1.8.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.2.0-0ubuntu1.3)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.0-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (1.6.0-0ubuntu3.1)
Patches:
Patch:https://github.com/hercules-team/augeas/commit/4cca923b732990bec0c699b2e69911c2221b2498
More Information

Updated: 2017-08-24 13:14:35 UTC (commit 13176)