Lucene search

[email protected]CVE-2017-18926

HistoryNov 06, 2020 - 6:15 p.m.

CVE-2017-18926

2020-11-0618:15:11

CWE-787

[email protected]

web.nvd.nist.gov

195

cve-2017-18926

raptor rdf syntax library

xml writer

buffer overflow

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Affected configurations

NVD

Node

librdfraptor_rdf_syntax_libraryMatch2.0.15

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

CPENameOperatorVersion
librdf:raptor_rdf_syntax_librarylibrdf raptor rdf syntax libraryeq2.0.15

CPE	Name	Operator	Version
librdf:raptor_rdf_syntax_library	librdf raptor rdf syntax library	eq	2.0.15

References

www.openwall.com/lists/oss-security/2020/11/13/1

www.openwall.com/lists/oss-security/2020/11/13/2

www.openwall.com/lists/oss-security/2020/11/14/2

www.openwall.com/lists/oss-security/2020/11/16/2

www.openwall.com/lists/oss-security/2020/11/16/3

github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1

lists.debian.org/debian-lts-announce/2020/11/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD67AVORGQXORPWNYYUHCH6YPPT6CI4O/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVHFYQDMVEBICIL4DBAGRRLPUR4QYWMV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDZRNM45VPTQF2BKRWG4YRCHJGQ2L7NS/

www.debian.org/security/2020/dsa-4785

www.openwall.com/lists/oss-security/2017/06/07/1

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

6.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2017-18926

freebsd1 ubuntu1 debian3 nessus20 openvas9 cvelist1 redhatcve1 alpinelinux1 osv5 suse2 prion1 fedora3 nvd1 debiancve1 veracode1 ubuntucve1 rocky1 redhat1 oraclelinux1 archlinux1 almalinux1