9.8

CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

Data is provided by the National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
OsgeoMapserver Version <= 6.0.5
OsgeoMapserver Version6.2.0
OsgeoMapserver Version6.2.0 Updatebeta1
OsgeoMapserver Version6.2.0 Updatebeta2
OsgeoMapserver Version6.2.0 Updatebeta3
OsgeoMapserver Version6.2.0 Updatebeta4
OsgeoMapserver Version6.2.0 Updaterc1
OsgeoMapserver Version6.2.1
OsgeoMapserver Version6.2.2
OsgeoMapserver Version6.2.3
OsgeoMapserver Version6.4.0
OsgeoMapserver Version6.4.0 Updatebeta1
OsgeoMapserver Version6.4.0 Updatebeta2
OsgeoMapserver Version6.4.0 Updaterc1
OsgeoMapserver Version6.4.1
OsgeoMapserver Version6.4.2
OsgeoMapserver Version6.4.3
OsgeoMapserver Version6.4.4
OsgeoMapserver Version7.0.0
OsgeoMapserver Version7.0.0 Updatebeta1
OsgeoMapserver Version7.0.0 Updatebeta2
OsgeoMapserver Version7.0.1
OsgeoMapserver Version7.0.2
OsgeoMapserver Version7.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 4.84% 0.885
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.