CVE-2017-9765 — Integer Overflow or Wraparound in Gsoap

CWE-190 — Integer Overflow or Wraparound8 documents6 sources

Severity

8.1HIGHNVD

EPSS

9.1%

top 7.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Genivia Gsoap

Timeline

PublishedJul 20

Latest updateMay 17

Description

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶Debiangenivia/gsoap< 2.8.48-1+3

▶NVDgenivia/gsoap66 versions+65

🔴Vulnerability Details

GHSA

GHSA-h3gg-c3fx-2m67: Integer overflow in the soap_get function in Genivia gSOAP 2↗2022-05-17

▶

CVEList

CVE-2017-9765: Integer overflow in the soap_get function in Genivia gSOAP 2↗2017-07-20

▶

OSV

CVE-2017-9765: Integer overflow in the soap_get function in Genivia gSOAP 2↗2017-07-20

▶

📋Vendor Advisories

Debian

CVE-2017-9765: gsoap - Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x befor...↗2017

▶

💬Community

Bugzilla

CVE-2017-9765 gsoap: Stack-based buffer overflow when receieving XML message with size larger than 2GB↗2017-07-19

▶

Bugzilla

CVE-2017-9765 gsoap: Stack-based buffer overflow when receieving XML message with size larger than 2GB [fedora-all]↗2017-07-19

▶

Bugzilla

CVE-2017-9765 gsoap: Stack-based buffer overflow when receieving XML message with size larger than 2GB [epel-all]↗2017-07-19

▶