[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-18926Date: (C)2020-11-09   (M)2023-12-22


raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.1CVSS Score : 5.8
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 4.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: PARTIAL
Integrity: LOW 
Availability: HIGH 
  
Reference:
DSA-4785
FEDORA-2020-3c1e69f1b1
FEDORA-2020-b15dd44972
FEDORA-2020-d6675a61f1
https://lists.debian.org/debian-lts-announce/2020/11/msg00012.html
http://www.openwall.com/lists/oss-security/2020/11/13/1
http://www.openwall.com/lists/oss-security/2020/11/13/2
http://www.openwall.com/lists/oss-security/2020/11/14/2
http://www.openwall.com/lists/oss-security/2020/11/16/3
https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
https://www.openwall.com/lists/oss-security/2017/06/07/1

CPE    1
cpe:/o:debian:debian_linux:9.0
CWE    1
CWE-787
OVAL    15
oval:org.secpod.oval:def:506148
oval:org.secpod.oval:def:70260
oval:org.secpod.oval:def:67870
oval:org.secpod.oval:def:89050510
...

© SecPod Technologies