9.3 CVE-2024-57823
Exploit
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
https://nvd.nist.gov/vuln/detail/CVE-2024-57823
Categories
CWE-191 : Integer Underflow (Wrap or Wraparound)
This can happen in signed and unsigned cases.
References
af854a3a-2127-422b-91ae-364da2661108
cve@mitre.org Exploit
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896 | Exploit, Mailing List, Third Party Advisory |
| https://github.com/dajobe/raptor/issues/70 | Exploit, Issue Tracking |
| https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md | Exploit, Third Party Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:a:librdf:raptor_rdf_syntax_library:*:*:*:*:*:*:*:* | <= 2.0.16 | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | | | |
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896 |
| https://github.com/dajobe/raptor/issues/70 |
| https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |
