Package raptor2 updated to version 2.0.16-alt1 for branch c10f1 in task 338229.

Published: 2020-11-06

BDU:2021-03499

Уязвимость компонента raptor_xml_writer_start_element_common библиотеки на Си Raptor, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных или вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Severity: HIGH (8.5) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

References:

CVE-2017-18926

Published: 2021-05-13

BDU:2022-05307

Уязвимость функции raptor_xml_writer_start_element_common библиотеки Raptor, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (6.8) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

References:

CVE-2020-25713

Published: 2020-11-06
Modified: 2024-11-21

CVE-2017-18926

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

References:

Published: 2021-05-13
Modified: 2024-11-21

CVE-2020-25713

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

FTBFS с 16 декабря

Version: 2.1.2

Package raptor2 update in c10f1 on 2024-01-16

ALT-PU-2024-1165-3

Closed vulnerabilities

BDU:2021-03499

BDU:2022-05307

CVE-2017-18926

CVE-2020-25713

Closed bugs

Bug #48916