CVE-2024-57823

Jan. 10, 2025, 2:15 p.m.

9.3
Critical

Description

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

Product(s) Impacted

Product Versions
Raptor RDF Syntax Library
  • ['through 2.0.16']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-191
Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896
https://github.com/dajobe/raptor/issues/70
https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md

Tags

cve@mitre.org
CWE-191
2025-01-10
CVE-2024-57823

CVSS Score

9.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Jan. 10, 2025, 1:15 p.m.
Last Modified: Jan. 10, 2025, 2:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.