This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Talos reports :
An exploitable buffer overflow vulnerability exists in the tag parsing
functionality of Ledger-CLI 3.1.1. A specially crafted journal file
can cause an integer underflow resulting in code execution. An
attacker can construct a malicious journal file to trigger this
An exploitable use-after-free vulnerability exists in the account
parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger
file can cause a use-after-free vulnerability resulting in arbitrary
code execution. An attacker can convince a user to load a journal file
to trigger this vulnerability.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 6.8