CVE-2020-25713 — MEDIUM (6.5)

Vulnerability Description

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Librdf	Raptor Rdf Syntax Library	2.0.15
Fedoraproject	Fedora	32
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-20 CWE-125

References

http://www.openwall.com/lists/oss-security/2020/11/16/1Mailing ListThird Party Advisory
https://bugs.librdf.org/mantis/view.php?id=650Issue TrackingPatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1900685Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00009.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
http://www.openwall.com/lists/oss-security/2020/11/16/1Mailing ListThird Party Advisory
https://bugs.librdf.org/mantis/view.php?id=650Issue TrackingPatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1900685Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00009.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2020-25713?

CVE-2020-25713 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

How severe is CVE-2020-25713?

CVE-2020-25713 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25713?

Check the references section above for vendor advisories and patch information. Affected products include: Librdf Raptor Rdf Syntax Library, Fedoraproject Fedora, Debian Debian Linux.