CVE-2017-18926

Published: 06/11/2020 | Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Vulnerable Product

librdf raptor rdf syntax library 2.0.15

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 31

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

Debian Bug report logs - #973889 raptor2: CVE-2017-18926 Package: src:raptor2; Maintainer for src:raptor2 is Dave Beckett <dajobe@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 6 Nov 2020 20:42:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in version rap ...
It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed. For the stable distribution (buster), this problem has been fixed in version 2.0.14-1.1~deb10u1. We recommend that you ...

Mailing Lists

oss-sec mailing list archives: Re: Buffer Overflow in raptor widely unfixed in Linux distros. From: "Da ...