| ID |
CVE-2017-18926
|
| Summary |
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:librdf:raptor_rdf_syntax_library:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:librdf:raptor_rdf_syntax_library:2.0.15:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.8 (as of 16-11-2022 - 16:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-787 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
| refmap
via4
|
| debian | DSA-4785 | | fedora | - FEDORA-2020-3c1e69f1b1
- FEDORA-2020-b15dd44972
- FEDORA-2020-d6675a61f1
| | misc | | | mlist | - [debian-lts-announce] 20201107 [SECURITY] [DLA 2438-1] raptor2 security update
- [oss-security] 20201113 Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201113 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201114 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
|
|
| Last major update |
16-11-2022 - 16:33 |
| Published |
06-11-2020 - 18:15 |
| Last modified |
16-11-2022 - 16:33 |
