低危 Raptor RDF Syntax Library缓冲区错误漏洞
CVE编号
CVE-2017-18926利用情况
暂无补丁情况
官方补丁披露时间
2020-11-07漏洞描述
Raptor是一个免费软件/开源C库,提供了一组解析器和序列化器,这些解析器和序列化器通过解析语法或将三元组序列化为语法来生成资源描述框架(RDF)三元组。 Raptor RDF Syntax Library 2.0.15中raptor_xml_writer.c中的raptor_xml_writer_start_element_common错误地计算了XML编写器的最大nspace声明,导致基于堆的缓冲区溢出(有时在raptor_qname_format_as_xml中看到)。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | librdf | raptor_rdf_syntax_library | 2.0.15 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | raptor2 | * | Up to (excluding) 2.0.15-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | raptor2 | * | Up to (excluding) 2.0.15-16.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | raptor2 | * | Up to (excluding) 2.0.14-1.1~deb10u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | raptor2 | * | Up to (excluding) 2.0.14-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | raptor2 | * | Up to (excluding) 2.0.14-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | raptor2 | * | Up to (excluding) 2.0.14-1+deb9u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | raptor2 | * | Up to (excluding) 2.0.14-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | raptor-debuginfo | * | Up to (excluding) 1.4.21-33.fc31 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | raptor-debuginfo | * | Up to (excluding) 1.4.21-33.fc32 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33 | raptor-debuginfo | * | Up to (excluding) 1.4.21-33.fc33 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | raptor | * | Up to (excluding) 0-2.0.15-lp151.3.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | raptor | * | Up to (excluding) 2.0.15-lp152.4.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | oraclelinux-release | * | Up to (excluding) 2.0.15-16.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | raptor2 | * | Up to (excluding) 2.0.15-16.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | libraptor2 | * | Up to (excluding) 0-2.0.15-5.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | raptor | * | Up to (excluding) 2.0.14-1ubuntu0.16.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | raptor2 | * | Up to (excluding) 2.0.14-1ubuntu0.16.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | raptor2 | * | Up to (excluding) 2.0.14-1ubuntu0.18.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | raptor2 | * | Up to (excluding) 2.0.14-1ubuntu0.18.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20.04 | raptor2 | * | Up to (excluding) 2.0.15-0ubuntu1.20.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_21.04 | raptor2 | * | Up to (excluding) 2.0.15-0ubuntu2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_21.10 | raptor2 | * | Up to (excluding) 2.0.15-0ubuntu2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_22.04 | raptor2 | * | Up to (excluding) 2.0.15-0ubuntu2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_22.10 | raptor2 | * | Up to (excluding) 2.0.15-0ubuntu2 | |||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
| CWE-ID | 漏洞类型 |
| CWE-787 | 跨界内存写 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论