CVE-2024-57822

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
mitreCNA
4 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
librdfraptor_rdf_syntax_library
𝑥
≤ 2.0.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
raptor2
bullseye
postponed
bookworm
2.0.15-4+deb12u1
fixed
forky
2.0.16-6
fixed
sid
2.0.16-6
fixed
trixie
2.0.16-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
raptor2
plucky
Fixed 2.0.16-4ubuntu1
released
oracular
Fixed 2.0.16-4ubuntu0.1
released
noble
Fixed 2.0.16-3ubuntu0.1
released
jammy
Fixed 2.0.15-0ubuntu4.1
released
focal
Fixed 2.0.15-0ubuntu1.20.04.2
released
bionic
needed
xenial
needed
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896
https://github.com/dajobe/raptor/issues/70
https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md
https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md