CVE-2017-2808

Summary

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
LedgerLedger CLILedger HEAD Ledger 3.1.affected

Weaknesses

  • arbitrary code execution

ADP Enrichment

CVE Program Container

Additional References

References