Description
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
A flaw was found in the Raptor RDF syntax library (librdf). An integer underflow condition may be triggered when normalizing a URI with the turtle parser. This issue could cause memory corruption or an application crash, leading to a denial of service or other undefined behavior.
Report
This vulnerability in the Raptor RDF syntax library (librdf) is marked as important severity rather than moderate due to the potential for memory corruption resulting from the integer underflow condition. Memory corruption can lead to application crashes, creating a reliable vector for denial-of-service (DoS) attacks, and, in certain cases, could be exploited to achieve arbitrary code execution, depending on how memory is manipulated. Given that the Turtle parser is commonly used for processing external RDF data, the vulnerability increases the attack surface for applications that handle untrusted or user-supplied input.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | raptor | Out of support scope | | |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | raptor2 | Fixed | RHSA-2025:0319 | 14.01.2025 |
Red Hat Enterprise Linux 8 | raptor2 | Fixed | RHSA-2025:0314 | 14.01.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | raptor2 | Fixed | RHSA-2025:0315 | 14.01.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | raptor2 | Fixed | RHSA-2025:0313 | 14.01.2025 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | raptor2 | Fixed | RHSA-2025:0313 | 14.01.2025 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | raptor2 | Fixed | RHSA-2025:0313 | 14.01.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | raptor2 | Fixed | RHSA-2025:0326 | 15.01.2025 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | raptor2 | Fixed | RHSA-2025:0326 | 15.01.2025 |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | raptor2 | Fixed | RHSA-2025:0326 | 15.01.2025 |
Additional information
CVSS3: 7.3 High