libaugeas.so is susceptible to denial of service (DoS). The attack exists because a string ended in whitespace was not properly escaped in the function aug_escape_name
, leading to an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
libaugeas.so | le | 0.20.0 | |
libaugeas.so | le | 0.20.0 |
www.debian.org/security/2017/dsa-3949
www.securityfocus.com/bid/100378
access.redhat.com/errata/RHSA-2017:2788
bugzilla.redhat.com/show_bug.cgi?id=1478373
github.com/hercules-team/augeas/commit/4cca923b732990bec0c699b2e69911c2221b2498
github.com/hercules-team/augeas/pull/480
puppet.com/security/cve/cve-2017-7555