Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:45132
HistoryJan 23, 2024 - 10:18 a.m.

Denial Of Service

2024-01-2310:18:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
denial of service
librttopo.so
empty geometries
remote attackers
st_asx3d
server termination
software

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

77.4%

librttopo.so is vulnerable to Denial Of Service. The vulnerability is due to mishandling of empty geometries. The remote attackers can perform a DoS via a crafted ST_AsX3D input which leads to server termination.

CPENameOperatorVersion
librttopo.sole1.1.0
librttopo.sole1.1.0

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

77.4%