Vulnerability Description
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Augeas | Augeas | <= 1.8.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3949
- http://www.securityfocus.com/bid/100378Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:2788
- https://access.redhat.com/errata/RHSA-2019:2403
- https://github.com/hercules-team/augeas/pull/480Third Party Advisory
- https://puppet.com/security/cve/cve-2017-7555
- http://www.debian.org/security/2017/dsa-3949
- http://www.securityfocus.com/bid/100378Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:2788
- https://access.redhat.com/errata/RHSA-2019:2403
- https://github.com/hercules-team/augeas/pull/480Third Party Advisory
- https://puppet.com/security/cve/cve-2017-7555
FAQ
What is CVE-2017-7555?
CVE-2017-7555 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application...
How severe is CVE-2017-7555?
CVE-2017-7555 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-7555?
Check the references section above for vendor advisories and patch information. Affected products include: Augeas Augeas.