|
[Japanese]
|
JVNDB-2017-005208
|
gSOAP vulnerable to stack-based buffer overflow
|
|
gSOAP library provided by Genivia contains a stack-based buffer overflow(CWE-121). Processing a crafted SOAP message sent by a remote attacker may result in code execution.
|
|
CVSS V3 Severity:
Base Metrics 7.3 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Genivia
- gSOAP versions prior to 2.8.48
|
|
|
Processing a crafted SOAP message sent by a remote attacker may result in code execution.
|
|
[Update to the latest version]
Update to the latest version according to the information provided by the developer.
The developer released gSOAP version 2.8.48 on June 21th, 2017, to fix this vulnerability.
|
|
Genivia
SUSE
KONICA MINOLTA, INC.
Brother Industries
Ricoh Co., Ltd
Red Hat, Inc.
TOSHIBA TEC
NEC Corporation
FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
|
|
|
|
- CVE-2017-9765
|
|
- JVN : JVNVU#98807587
- National Vulnerability Database (NVD) : CVE-2017-9765
- Related document : Senrio Blog - Devil's Ivy: Flaw in Widely Used Third-party Code Impacts Millions
- Related document : Devil's Ivy
|
|
- [2017/07/21]
Web page was published
[2018/02/14]
References : Content was added
Vendor Information : Content was added
- [2025/06/27]
Vendor Information : Contents were added
|
