Описание
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | released | 3.1.2+dfsg1-1 |
| disco | released | 3.1.2+dfsg1-1 |
| eoan | released | 3.1.2+dfsg1-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 3.1.2+dfsg1-1 |
| esm-apps/jammy | released | 3.1.2+dfsg1-1 |
| esm-apps/noble | released | 3.1.2+dfsg1-1 |
Показывать по
EPSS
6.8 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
An exploitable use-after-free vulnerability exists in the account pars ...
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
EPSS
6.8 Medium
CVSS2
7.5 High
CVSS3