CVE-2017-2808 - OpenCVE

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ledger-cli	Ledger

Configuration 1 [-]

cpe:2.3:a:ledger-cli:ledger:3.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html
http://www.securityfocus.com/bid/100546
https://security.gentoo.org/glsa/202004-05
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2017-09-05T18:00:00Z

Updated: 2024-09-16T20:32:31.398Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2808

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-09-05T18:29:00.447

Modified: 2022-04-19T19:15:21.753

Link: CVE-2017-2808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ledger CLI", "vendor": "Ledger", "versions": [{"status": "affected", "version": "Ledger HEAD Ledger 3.1."}]}], "datePublic": "2017-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:22:34", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "100546", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100546"}, {"name": "openSUSE-SU-2019:1779", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"}, {"name": "openSUSE-SU-2019:1895", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"}, {"name": "GLSA-202004-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202004-05"}, {"tags": ["x_refsource_MISC"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2017-08-30T00:00:00", "ID": "CVE-2017-2808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ledger CLI", "version": {"version_data": [{"version_value": "Ledger HEAD Ledger 3.1."}]}}]}, "vendor_name": "Ledger"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "100546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100546"}, {"name": "openSUSE-SU-2019:1779", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"}, {"name": "openSUSE-SU-2019:1895", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"}, {"name": "GLSA-202004-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202004-05"}, {"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.830Z"}, "title": "CVE Program Container", "references": [{"name": "100546", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100546"}, {"name": "openSUSE-SU-2019:1779", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"}, {"name": "openSUSE-SU-2019:1895", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"}, {"name": "GLSA-202004-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202004-05"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2017-2808", "datePublished": "2017-09-05T18:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T20:32:31.398Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledger-cli:ledger:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "876C55BA-ED06-46C0-874C-63816CF695E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de uso de memoria previamente liberada (use-after-free) en el componente de an\u00e1lisis sint\u00e1ctico de cuentas de Ledger-CLI 3.1.1. Un archivo ledger especialmente manipulado puede provocar una vulnerabilidad de uso de memoria previamente liberada que dar\u00eda lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede convencer a un usuario para que cargue un archivo journal para provocar esta vulnerabilidad."}], "id": "CVE-2017-2808", "lastModified": "2022-04-19T19:15:21.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2017-09-05T18:29:00.447", "references": [{"source": "talos-cna@cisco.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html"}, {"source": "talos-cna@cisco.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100546"}, {"source": "talos-cna@cisco.com", "url": "https://security.gentoo.org/glsa/202004-05"}, {"source": "talos-cna@cisco.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}