diff options
| author | Tobias C. Berner <tcberner@FreeBSD.org> | 2020-11-09 05:28:05 +0000 |
|---|---|---|
| committer | Tobias C. Berner <tcberner@FreeBSD.org> | 2020-11-09 05:28:05 +0000 |
| commit | af69cc701377defddae5ca9a85308d3fcc035a40 (patch) | |
| tree | 3fc799c3648bef4d4e5790792e516f7e36397133 | |
| parent | This is commit two of a two commit set: (diff) | |
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926
| -rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 168f22edc807..88e237f996d7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,35 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9"> + <topic>raptor2 -- buffer overflow</topic> + <affects> + <package> + <name>raptor2</name> + <range><lt>2.0.15_16</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE MITRE reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926"> + <p> + raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). + </p> + </blockquote> + </body> + </description> + <references> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926</url> + <url>https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1</url> + <cvename>2017-18926</cvename> + </references> + <dates> + <discovery>2017-04-16</discovery> + <entry>2020-11-09</entry> + </dates> + </vuln> + <vuln vid="cf39ddf8-21be-11eb-8b47-641c67a117d8"> <topic>jupyter notebook -- open redirect vulnerability</topic> <affects> |