augeas is vulnerable to arbitrary code execution attacks. The vulnerability exists as Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CPE | Name | Operator | Version |
---|---|---|---|
augeas | eq | 1.1.0__17.el7 | |
augeas | eq | 1.1.0__12.el7_0.1 | |
augeas:3.3 | eq | 1.4.0-r4 |