9.8

CVE-2017-2885

Exploit
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.34% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2020/Dec/3
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/100258
Broken Link
https://access.redhat.com/errata/RHSA-2017:2459
Third Party Advisory
https://www.debian.org/security/2017/dsa-3929
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392
Third Party Advisory
Exploit
Technical Description