Linux Distros Unpatched Vulnerability : CVE-2017-2808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a...

Security update for ledger (moderate)

openSUSE Security Update: Security update for ledger Announcement ID: openSUSE-SU-2019:1895-1 Rating: moderate References: 1052478 1052484 1105084 Cross-References: CVE-2017-12481 CVE-2017-12482 CVE-2017-2807 CVE-2017-2808 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...

Ledger CLI Account Directive Use-After-Free Vulnerability(CVE-2017-2808)

Summary An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger th...

CVE-2017-2808

CVE-2017-2808 affects Ledger-CLI 3.1.1, with a use-after-free in the account parsing component triggered by loading a specially crafted journal file, enabling arbitrary code execution. Multiple connected advisories cite this CVE and note remediation by upgrading Ledger to newer releases (e.g., Le...