ID CVE-2017-18926
Summary raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
References
Vulnerable Configurations
  • cpe:2.3:a:librdf:raptor_rdf_syntax_library:2.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:librdf:raptor_rdf_syntax_library:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 19-11-2020 - 03:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
refmap via4
debian DSA-4785
fedora
  • FEDORA-2020-3c1e69f1b1
  • FEDORA-2020-b15dd44972
  • FEDORA-2020-d6675a61f1
misc
mlist
  • [debian-lts-announce] 20201107 [SECURITY] [DLA 2438-1] raptor2 security update
  • [oss-security] 20201113 Buffer Overflow in raptor widely unfixed in Linux distros
  • [oss-security] 20201113 Re: Buffer Overflow in raptor widely unfixed in Linux distros
  • [oss-security] 20201114 Re: Buffer Overflow in raptor widely unfixed in Linux distros
  • [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
Last major update 19-11-2020 - 03:15
Published 06-11-2020 - 18:15
Last modified 19-11-2020 - 03:15
Back to Top