PT-2020-6185 · Red Hat · Raptor RDF Syntax Library

Hanno Böck · Published 2020-11-06 · Updated 2025-11-10 · CVE-2017-18926

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Raptor RDF Syntax Library version 2.0.15

Description

The raptor_xml_writer_start_element_common function in the Raptor RDF Syntax Library miscalculates the maximum number of nspace declarations for the XML writer. This can lead to heap-based buffer overflows, sometimes seen in the raptor_qname_format_as_xml function. The vulnerability can be exploited by a remote attacker to compromise data integrity or cause a denial of service.

Recommendations

For Raptor RDF Syntax Library version 2.0.15, consider updating to a newer version that addresses the miscalculation in raptor_xml_writer_start_element_common that can lead to heap-based buffer overflows. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2021:1842
ALT-PU-2023-8310
ALT-PU-2023-8311
ALT-PU-2023-8312
ALT-PU-2024-1165
AZL-45321
BDU:2021-03499
CESA-2021_1842
CVE-2017-18926
DLA-2438-1
DSA-4785-1
OPENSUSE-SU-2020:1949-1
OPENSUSE-SU-2020:1959-1
OPENSUSE-SU-2020_1949-1
OPENSUSE-SU-2020_1959-1
OPENSUSE-SU-2024:11296-1
RHSA-2021:1842
RHSA-2021_1842
RLSA-2021:1842
SUSE-SU-2020:3350-1
SUSE-SU-2020:3351-1
SUSE-SU-2020:3352-1
SUSE-SU-2020_3350-1
SUSE-SU-2020_3351-1
SUSE-SU-2020_3352-1
USN-4630-1
USN-7868-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Raptor RDF Syntax Library
Red Hat
Rocky Linux
SUSE
Ubuntu