subject:"Bug#876660\: ledger\: CVE\-2017\-2807\: Ledger CLI Tags Parsing Code Execution Vulnerability"

Bug#876660: ledger: CVE-2017-2807: Ledger CLI Tags Parsing Code Execution Vulnerability

2019-01-26 Thread Martin Michlmayr

* Salvatore Bonaccorso [2017-09-24 18:01]: > the following vulnerability was published for ledger. > > CVE-2017-2807[0]: > | An exploitable buffer overflow vulnerability exists in the tag parsing > | functionality of Ledger-CLI 3.1.1. A specially crafted journal file > | can cause an integer

Bug#876660: ledger: CVE-2017-2807: Ledger CLI Tags Parsing Code Execution Vulnerability

2017-09-24 Thread Salvatore Bonaccorso

Source: ledger Version: 3.1.2~pre1+g3a00e1c+dfsg1-1 Severity: important Tags: upstream security Hi, the following vulnerability was published for ledger. CVE-2017-2807[0]: | An exploitable buffer overflow vulnerability exists in the tag parsing | functionality of Ledger-CLI 3.1.1. A specially