augeas CVE Vulnerabilities & Metrics

Focus on augeas vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About augeas Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with augeas. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total augeas CVEs: 2
Earliest CVE date: 23 Nov 2013, 18:55 UTC
Latest CVE date: 21 Mar 2025, 12:15 UTC

Latest CVE reference: CVE-2025-2588

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical augeas CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.02

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS augeas CVEs

These are the five CVEs with the highest CVSS scores for augeas, sorted by severity first and recency.

CVE-2017-7555 augeas Published on 17 Aug 2017, 19:29 UTC (CVSS: 7.5)
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CVE-2013-6412 augeas Published on 23 Jan 2014, 00:55 UTC (CVSS: 4.6)
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
CVE-2012-0787 augeas Published on 23 Nov 2013, 18:55 UTC (CVSS: 3.7)
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
CVE-2012-6607 augeas Published on 23 Nov 2013, 18:55 UTC (CVSS: 3.3)
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.
CVE-2012-0786 augeas Published on 23 Nov 2013, 18:55 UTC (CVSS: 3.3)
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.

All CVEs for augeas

CVE-2025-2588 augeas vulnerability CVSS: 1.7 21 Mar 2025, 12:15 UTC

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVE-2017-7555 augeas vulnerability CVSS: 7.5 17 Aug 2017, 19:29 UTC

Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.

CVE-2013-6412 augeas vulnerability CVSS: 4.6 23 Jan 2014, 00:55 UTC

The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.

CVE-2012-6607 augeas vulnerability CVSS: 3.3 23 Nov 2013, 18:55 UTC

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.

CVE-2012-0787 augeas vulnerability CVSS: 3.7 23 Nov 2013, 18:55 UTC

The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.

CVE-2012-0786 augeas vulnerability CVSS: 3.3 23 Nov 2013, 18:55 UTC

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.