CVE-2017-9765
Summary
| CVE | CVE-2017-9765 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-07-20 00:29:00 UTC |
| Updated | 2023-11-07 02:50:00 UTC |
| Description | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Genivia | Gsoap | 2.7.0 | All | All | All |
| Application | Genivia | Gsoap | 2.7.1 | All | All | All |
| Application | Genivia | Gsoap | 2.7.10 | All | All | All |
| Application | Genivia | Gsoap | 2.7.11 | All | All | All |
| Application | Genivia | Gsoap | 2.7.12 | All | All | All |
| Application | Genivia | Gsoap | 2.7.13 | All | All | All |
| Application | Genivia | Gsoap | 2.7.14 | All | All | All |
| Application | Genivia | Gsoap | 2.7.15 | All | All | All |
| Application | Genivia | Gsoap | 2.7.16 | All | All | All |
| Application | Genivia | Gsoap | 2.7.17 | All | All | All |
| Application | Genivia | Gsoap | 2.7.2 | All | All | All |
| Application | Genivia | Gsoap | 2.7.3 | All | All | All |
| Application | Genivia | Gsoap | 2.7.4 | All | All | All |
| Application | Genivia | Gsoap | 2.7.5 | All | All | All |
| Application | Genivia | Gsoap | 2.7.6 | All | All | All |
| Application | Genivia | Gsoap | 2.7.7 | All | All | All |
| Application | Genivia | Gsoap | 2.7.8 | All | All | All |
| Application | Genivia | Gsoap | 2.7.9 | All | All | All |
| Application | Genivia | Gsoap | 2.8.0 | All | All | All |
| Application | Genivia | Gsoap | 2.8.1 | All | All | All |
| Application | Genivia | Gsoap | 2.8.10 | All | All | All |
| Application | Genivia | Gsoap | 2.8.11 | All | All | All |
| Application | Genivia | Gsoap | 2.8.12 | All | All | All |
| Application | Genivia | Gsoap | 2.8.13 | All | All | All |
| Application | Genivia | Gsoap | 2.8.14 | All | All | All |
| Application | Genivia | Gsoap | 2.8.15 | All | All | All |
| Application | Genivia | Gsoap | 2.8.16 | All | All | All |
| Application | Genivia | Gsoap | 2.8.17 | All | All | All |
| Application | Genivia | Gsoap | 2.8.18 | All | All | All |
| Application | Genivia | Gsoap | 2.8.19 | All | All | All |
| Application | Genivia | Gsoap | 2.8.2 | All | All | All |
| Application | Genivia | Gsoap | 2.8.20 | All | All | All |
| Application | Genivia | Gsoap | 2.8.21 | All | All | All |
| Application | Genivia | Gsoap | 2.8.22 | All | All | All |
| Application | Genivia | Gsoap | 2.8.23 | All | All | All |
| Application | Genivia | Gsoap | 2.8.24 | All | All | All |
| Application | Genivia | Gsoap | 2.8.25 | All | All | All |
| Application | Genivia | Gsoap | 2.8.26 | All | All | All |
| Application | Genivia | Gsoap | 2.8.27 | All | All | All |
| Application | Genivia | Gsoap | 2.8.28 | All | All | All |
| Application | Genivia | Gsoap | 2.8.29 | All | All | All |
| Application | Genivia | Gsoap | 2.8.3 | All | All | All |
| Application | Genivia | Gsoap | 2.8.30 | All | All | All |
| Application | Genivia | Gsoap | 2.8.31 | All | All | All |
| Application | Genivia | Gsoap | 2.8.32 | All | All | All |
| Application | Genivia | Gsoap | 2.8.33 | All | All | All |
| Application | Genivia | Gsoap | 2.8.34 | All | All | All |
| Application | Genivia | Gsoap | 2.8.35 | All | All | All |
| Application | Genivia | Gsoap | 2.8.36 | All | All | All |
| Application | Genivia | Gsoap | 2.8.37 | All | All | All |
| Application | Genivia | Gsoap | 2.8.38 | All | All | All |
| Application | Genivia | Gsoap | 2.8.39 | All | All | All |
| Application | Genivia | Gsoap | 2.8.4 | All | All | All |
| Application | Genivia | Gsoap | 2.8.40 | All | All | All |
| Application | Genivia | Gsoap | 2.8.41 | All | All | All |
| Application | Genivia | Gsoap | 2.8.42 | All | All | All |
| Application | Genivia | Gsoap | 2.8.43 | All | All | All |
| Application | Genivia | Gsoap | 2.8.44 | All | All | All |
| Application | Genivia | Gsoap | 2.8.45 | All | All | All |
| Application | Genivia | Gsoap | 2.8.46 | All | All | All |
| Application | Genivia | Gsoap | 2.8.47 | All | All | All |
| Application | Genivia | Gsoap | 2.8.5 | All | All | All |
| Application | Genivia | Gsoap | 2.8.6 | All | All | All |
| Application | Genivia | Gsoap | 2.8.7 | All | All | All |
| Application | Genivia | Gsoap | 2.8.8 | All | All | All |
| Application | Genivia | Gsoap | 2.8.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Genivia Product Advisories | | www.genivia.com | |
| gSOAP Changelog | MISC | www.genivia.com | Release Notes, Vendor Advisory |
| Bug 1049348 – VUL-0: CVE-2017-9765: gsoap stack buffer overflow vulnerability could lead to remote execution | MISC | bugzilla.suse.com | Issue Tracking, Third Party Advisory, VDB Entry |
| Senrio Blog - Senrio | MISC | blog.senr.io | Mitigation, Technical Description, Third Party Advisory |
| Devil's Ivy - Senrio | MISC | blog.senr.io | Exploit, Technical Description, Third Party Advisory |
| Bug 1472807 – CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory, VDB Entry |
| Genivia gSOAP CVE-2017-9765 Stack Based Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Genivia Product Advisories | MISC | www.genivia.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.