Lucene search
Veracode Vulnerability DatabaseVERACODE:27153HistorySep 21, 2020 - 6:39 a.m.
Remote Code Execution (RCE)
2020-09-2106:39:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.004 Low
EPSS
Percentile
72.4%
ledger:eoan is vulnerable to remote code execution (RCE). An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ledger:eoan | eq | 3.1.2+dfsg1 | |
| ledger:eoan | eq | 3.1.2+dfsg1 |
Related
nvd
nvd
CVE-2017-2808
2017-09-05 18:29:00
prion
prion
Design/Logic Flaw
2017-09-05 18:29:00
osv
osv
CVE-2017-2808
2017-09-05 18:29:00
cve
cve
CVE-2017-2808
2017-09-05 18:29:00
seebug
seebug
Ledger CLI Account Directive Use-After-Free Vulnerability(CVE-2017-2808)
2017-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2017-2808
2017-09-05 00:00:00
cvelist
cvelist
CVE-2017-2808
2017-08-30 00:00:00
talos
talos
Ledger CLI Account Directive Use-After-Free Vulnerability
2017-08-30 00:00:00
debiancve
debiancve
CVE-2017-2808
2017-09-05 18:29:00
freebsd
freebsd
ledger -- multiple vulnerabilities
2017-09-05 00:00:00
nessus
nessus
FreeBSD : ledger -- multiple vulnerabilities (d843a984-7f22-484f-ba81-483ddbe30dc3)
2017-09-27 00:00:00
openSUSE Security Update : ledger (openSUSE-2019-1779)
2019-07-22 00:00:00
GLSA-202004-05 : ledger: Multiple vulnerabilities
2020-04-02 00:00:00
suse
suse
Security update for ledger (moderate)
2019-08-14 00:00:00
Security update for ledger (moderate)
2019-07-21 00:00:00
gentoo
gentoo
ledger: Multiple vulnerabilities
2020-04-01 00:00:00
openvas
openvas
openSUSE: Security Advisory for ledger (openSUSE-SU-2019:1779-1)
2019-07-22 00:00:00