CVE-2017-18926 — HIGH (7.1)

Vulnerability Description

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Librdf	Raptor Rdf Syntax Library	2.0.15
Debian	Debian Linux	9.0
Fedoraproject	Fedora	31

Related Weaknesses (CWE)

CWE-787

References

http://www.openwall.com/lists/oss-security/2020/11/13/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/13/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/14/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/16/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/16/3Mailing ListThird Party Advisory
https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-CalPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00012.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://www.debian.org/security/2020/dsa-4785Third Party Advisory
https://www.openwall.com/lists/oss-security/2017/06/07/1ExploitMailing ListPatch
http://www.openwall.com/lists/oss-security/2020/11/13/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/13/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/11/14/2Mailing ListThird Party Advisory

FAQ

What is CVE-2017-18926?

CVE-2017-18926 is a vulnerability with a CVSS score of 7.1 (HIGH). raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflo...

How severe is CVE-2017-18926?

CVE-2017-18926 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18926?

Check the references section above for vendor advisories and patch information. Affected products include: Librdf Raptor Rdf Syntax Library, Debian Debian Linux, Fedoraproject Fedora.