Описание
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | augeas | Will not fix | ||
| Red Hat Enterprise Linux 7 | rhev-hypervisor | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | augeas | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | rhev-hypervisor6 | Out of support scope | ||
| Red Hat Storage 3 | augeas | Will not fix | ||
| Red Hat Enterprise Linux 7 | augeas | Fixed | RHSA-2017:2788 | 21.09.2017 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | augeas | Fixed | RHSA-2019:2403 | 07.08.2019 |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | augeas | Fixed | RHSA-2019:2403 | 07.08.2019 |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | augeas | Fixed | RHSA-2019:2403 | 07.08.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...
EPSS
7.8 High
CVSS3