Veracode Vulnerability DatabaseVERACODE:30275Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
raptor2 is vulnerable to denial of service. A malicious input file can lead to a segmentation fault due to an out of bounds array access in raptor_xml_writer_start_element_common.
| CPE | Name | Operator | Version |
|---|---|---|---|
| raptor2:edge | eq | 2.0.15-r1 | |
| raptor2 | eq | 2.0.15__13.el8 | |
| raptor2 | eq | 2.0.15__14.el8 | |
| raptor2:edge | eq | 2.0.15-r1 | |
| raptor2 | eq | 2.0.15__13.el8 | |
| raptor2 | eq | 2.0.15__14.el8 |
References
www.openwall.com/lists/oss-security/2020/11/16/1
bugs.librdf.org/mantis/view.php?id=650
bugzilla.redhat.com/show_bug.cgi?id=1900685
lists.debian.org/debian-lts-announce/2021/12/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/27EQ2JCVMKG3EYTBYO4642P773I2NYUV/
lists.fedoraproject.org/archives/list/[email protected]/message/SUIND56AOKEHHBE4OYV57M73LLOLJRLV/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P