Описание
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
Ссылки
- MitigationTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
- MitigationTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2 ...
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2