CVE-2017-9765
Published 2017-07-20
Priority P3 57 · high 8.1 · CVSS 3.0
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 21.89% (97.3th percentile)
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
Affected
72 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gsoap | < gsoap 2.8.48-1 (bookworm) | gsoap 2.8.48-1 (bookworm) |
| debian | r-other-x4r | < gsoap 2.8.48-1 (bookworm) | gsoap 2.8.48-1 (bookworm) |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
| genivia | gsoap | — | — |
CVSS provenance
nvd · v3.0 · 8.1 HIGH · CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 8.1 HIGH
vendor_debian · 8.1 HIGH
GHSA
GHSA-h3gg-c3fx-2m67: Integer overflow in the soap_get function in Genivia gSOAP 2
ghsa_unreviewed·2022-05-17
CVE-2017-9765 [HIGH] CWE-190 GHSA-h3gg-c3fx-2m67: Integer overflow in the soap_get function in Genivia gSOAP 2
OSV
CVE-2017-9765: Integer overflow in the soap_get function in Genivia gSOAP 2
osv·2017-07-20·CVSS 8.1
CVE-2017-9765 [HIGH] CVE-2017-9765: Integer overflow in the soap_get function in Genivia gSOAP 2
CISA ICS
OSIsoft PI SQL Client
cisa_ics·2019-09-10·CVSS 8.1
[HIGH] OSIsoft PI SQL Client
ICS Advisory
## OSIsoft PI SQL Client
Last Revised: September 10, 2019
Alert Code: ICSA-19-253-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely
- Vendor: OSIsoft LLC
- Equipment: OSIsoft PI SQL Client
- Vulnerability: Integer Overflow or Wraparound
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution or cause a denial of service, resulting in disclosure, deletion, or modification of information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of OSIsoft PI SQL Client, a component interface th
Debian
CVE-2017-9765: gsoap - Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x befor...
vendor_debian·2017·CVSS 8.1
CVE-2017-9765 [HIGH] CVE-2017-9765: gsoap - Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x befor...
Scope: local
bookworm: resolved (fixed in 2.8.48-1)
bullseye: resolved (fixed in 2.8.48-1)
forky: resolved (fixed in 2.8.48-1)
sid: resolved (fixed in 2.8.48-1)
trixie: resolved (fixed in 2.8.48-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB
bugzilla·2017-07-19·CVSS 8.1
CVE-2017-9765 [HIGH] CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB
A buffer overflow can cause an open unsecured server to crash after a 2GB (greater than 2147483711 bytes to trigger the software bug) XML message is received. Fortunately, the overflowing data after 2GB is cleaned up in the buffer, which means that the chances of exploiting this flaw (by injecting code) are significantly reduced in the gSOAP versions affected.
References:
https://www.genivia.com/advisory.html
Discussion:
Created gsoap tracking bugs for this issue:
Affects: epel-all [bug 1472808]
Affects: fedora-all [bug 1472809]
---
References:
http://seclists.org/oss-sec/2017/q3/190
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect
Bugzilla
CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB [fedora-all]
bugzilla·2017-07-19·CVSS 8.1
CVE-2017-9765 [HIGH] CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB [epel-all]
bugzilla·2017-07-19·CVSS 8.1
CVE-2017-9765 [HIGH] CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Checkpoint
Karta – Matching Open Sources in Binaries
blogs_checkpoint·2019-03-21
CVE-2017-9765 Karta – Matching Open Sources in Binaries
## Karta – Matching Open Sources in Binaries
Research by: Eyal Itkin
Introduction
“Karta” (Russian for “map”) is a source code assisted binary matching plugin for IDA. The plugin was develo
http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
http://blog.senr.io/devilsivy.html
http://www.securityfocus.com/bid/99868
https://bugzilla.redhat.com/show_bug.cgi?id=1472807
https://bugzilla.suse.com/show_bug.cgi?id=1049348
https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29
https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29
Published: 2017-07-20