From af69cc701377defddae5ca9a85308d3fcc035a40 Mon Sep 17 00:00:00 2001 From: "Tobias C. Berner" Date: Mon, 9 Nov 2020 05:28:05 +0000 Subject: [PATCH] Document vulnerability in textproc/raptor2 From [1], [2], [3]: raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926 [2] https://www.debian.org/security/2020/dsa-4785 [3] https://www.openwall.com/lists/oss-security/2017/06/07/1 PR: 250971 Security: CVE-2017-18926 --- security/vuxml/vuln.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 168f22edc807..88e237f996d7 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,35 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + raptor2 -- buffer overflow + + + raptor2 + 2.0.15_16 + + + + +

CVE MITRE reports:

+
+

+ raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). +

+
+ + + + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926 + https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 + 2017-18926 + + + 2017-04-16 + 2020-11-09 + + + jupyter notebook -- open redirect vulnerability