ledger:eoan is vulnerable to remote code execution (RCE). An exploitable use-after-free vulnerability exists in the account parsing component of Ledger-CLI. A specially crafted ledger file can trigger the use-after-free, resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.

CPE Name | Operator | Version
---|---|---
ledger:eoan | eq | 3.1.2+dfsg1