Lucene search

K

[email protected]NVD:CVE-2017-18926

HistoryNov 06, 2020 - 6:15 p.m.

CVE-2017-18926

2020-11-0618:15:11

CWE-787

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Affected configurations

NVD

Node

librdfraptor_rdf_syntax_libraryMatch2.0.15

Node

debiandebian_linuxMatch9.0

OR

debiandebian_linuxMatch10.0

Node

fedoraprojectfedoraMatch31

OR

fedoraprojectfedoraMatch32

OR

fedoraprojectfedoraMatch33

References

www.openwall.com/lists/oss-security/2020/11/13/1

www.openwall.com/lists/oss-security/2020/11/13/2

www.openwall.com/lists/oss-security/2020/11/14/2

www.openwall.com/lists/oss-security/2020/11/16/2

www.openwall.com/lists/oss-security/2020/11/16/3

github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1

lists.debian.org/debian-lts-announce/2020/11/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD67AVORGQXORPWNYYUHCH6YPPT6CI4O/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVHFYQDMVEBICIL4DBAGRRLPUR4QYWMV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDZRNM45VPTQF2BKRWG4YRCHJGQ2L7NS/

www.debian.org/security/2020/dsa-4785

www.openwall.com/lists/oss-security/2017/06/07/1

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

Related for NVD:CVE-2017-18926

nessus20 fedora3 debian3 debiancve1 osv5 prion1 openvas9 freebsd1 ubuntu1 cvelist1 redhatcve1 alpinelinux1 suse2 cve1 ubuntucve1 veracode1 oraclelinux1 redhat1 rocky1 archlinux1 almalinux1