Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2017-9765: gsoap Stack-based buffer overflow when receieving XML message with size larger than 2GB

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Alpine Linux: CVE-2017-9765: gsoap Stack-based buffer overflow when receieving XML message with size larger than 2GB

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

07/19/2017

Created

07/25/2018

Added

09/20/2017

Modified

12/04/2019

Description

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.

Solution(s)

alpine-linux-upgrade-gsoap

References

https://attackerkb.com/topics/cve-2017-9765
7569
7570
99868
CVE - 2017-9765

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Alpine Linux: CVE-2017-9765: gsoap Stack-based buffer overflow when receieving XML message with size larger than 2GB

Alpine Linux: CVE-2017-9765: gsoap Stack-based buffer overflow when receieving XML message with size larger than 2GB

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.