Errata ALT-PU-2023-8332-1: Information
Fixes
Published: Nov. 6, 2020
BDU:2021-03499
Уязвимость компонента raptor_xml_writer_start_element_common библиотеки на Си Raptor, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных или вызвать отказ в обслуживании
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Links:
Published: May 13, 2021
BDU:2022-05307
Уязвимость функции raptor_xml_writer_start_element_common библиотеки Raptor, позволяющая нарушителю выполнить произвольный код
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 6, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2017-18926
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Links:
- https://www.openwall.com/lists/oss-security/2017/06/07/1
- https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2438-1] raptor2 security update
- DSA-4785
- [oss-security] 20201113 Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201113 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201114 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- FEDORA-2020-b15dd44972
- FEDORA-2020-d6675a61f1
- FEDORA-2020-3c1e69f1b1
Published: May 13, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-25713
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1900685
- https://bugs.librdf.org/mantis/view.php?id=650
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [debian-lts-announce] 20211214 [SECURITY] [DLA 2846-1] raptor2 security update
- FEDORA-2021-8fe81dcf9f
- FEDORA-2021-5752e07eb6