High severity 7.5 · NVD Advisory · Published Sep 5, 2017 · Updated Jun 17, 2026
CVE-2017-2808
Description
An exploitable use-after-free vulnerability exists in the account parsing component of Ledger-CLI 3.1.1. A specially crafted ledger file can trigger the use-after-free, resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
Affected products (6)
- cpe:2.3:a:ledger-cli:ledger:3.1.1:*:*:*:*:*:*:*
- osv-coords (4 versions):
  - pkg:rpm/opensuse/ledger&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/ledger&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/ledger&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/ledger&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 3.1.3-lp151.3.3.1
- (no CPE) range: < 3.1.3-lp151.3.3.1
- (no CPE) range: < 3.2.1-3.3
- (no CPE) range: < 3.1.3-bp151.4.3.1
- Range: Ledger HEAD Ledger 3.1.
References (5)
- www.securityfocus.com/bid/100546 (nvd; Third Party Advisory, VDB Entry)
- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304 (nvd; Technical Description, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00029.html (nvd)
- security.gentoo.org/glsa/202004-05 (nvd)