FKIE_CVE-2017-9765

Vulnerability from fkie_nvd - Published: 2017-07-20 00:29 - Updated: 2025-04-20 01:37
Severity ?
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
References
cve@mitre.orghttp://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millionsMitigation, Technical Description, Third Party Advisory
cve@mitre.orghttp://blog.senr.io/devilsivy.htmlExploit, Technical Description, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/99868Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1472807Issue Tracking, Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1049348Issue Tracking, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29
cve@mitre.orghttps://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millionsMitigation, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://blog.senr.io/devilsivy.htmlExploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99868Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1472807Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1049348Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29
af854a3a-2127-422b-91ae-364da2661108https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
genivia gsoap 2.7.0
genivia gsoap 2.7.1
genivia gsoap 2.7.2
genivia gsoap 2.7.3
genivia gsoap 2.7.4
genivia gsoap 2.7.5
genivia gsoap 2.7.6
genivia gsoap 2.7.7
genivia gsoap 2.7.8
genivia gsoap 2.7.9
genivia gsoap 2.7.10
genivia gsoap 2.7.11
genivia gsoap 2.7.12
genivia gsoap 2.7.13
genivia gsoap 2.7.14
genivia gsoap 2.7.15
genivia gsoap 2.7.16
genivia gsoap 2.7.17
genivia gsoap 2.8.0
genivia gsoap 2.8.1
genivia gsoap 2.8.2
genivia gsoap 2.8.3
genivia gsoap 2.8.4
genivia gsoap 2.8.5
genivia gsoap 2.8.6
genivia gsoap 2.8.7
genivia gsoap 2.8.8
genivia gsoap 2.8.9
genivia gsoap 2.8.10
genivia gsoap 2.8.11
genivia gsoap 2.8.12
genivia gsoap 2.8.13
genivia gsoap 2.8.14
genivia gsoap 2.8.15
genivia gsoap 2.8.16
genivia gsoap 2.8.17
genivia gsoap 2.8.18
genivia gsoap 2.8.19
genivia gsoap 2.8.20
genivia gsoap 2.8.21
genivia gsoap 2.8.22
genivia gsoap 2.8.23
genivia gsoap 2.8.24
genivia gsoap 2.8.25
genivia gsoap 2.8.26
genivia gsoap 2.8.27
genivia gsoap 2.8.28
genivia gsoap 2.8.29
genivia gsoap 2.8.30
genivia gsoap 2.8.31
genivia gsoap 2.8.32
genivia gsoap 2.8.33
genivia gsoap 2.8.34
genivia gsoap 2.8.35
genivia gsoap 2.8.36
genivia gsoap 2.8.37
genivia gsoap 2.8.38
genivia gsoap 2.8.39
genivia gsoap 2.8.40
genivia gsoap 2.8.41
genivia gsoap 2.8.42
genivia gsoap 2.8.43
genivia gsoap 2.8.44
genivia gsoap 2.8.45
genivia gsoap 2.8.46
genivia gsoap 2.8.47
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CBB3636-9B3C-4510-95A3-252C58512803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A21B0C46-4D0F-4F62-B16E-0653D8967F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E052E826-21DB-4319-A70E-0FE9E4EEA411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B0D7CA0-7B78-4992-8C19-0786F9043472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F24EDE-83A7-4AA4-9705-874ED61BA3C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C175F7E-B2E0-4B32-9EDC-BAF3F54249FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAA6230D-EA05-40AF-A32F-313F831B0144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E34821-2752-417B-A7E6-17B6B134C90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA08B1C-23ED-481C-80DE-79DA72E70990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "194E477C-5D82-42A0-B8D9-D01562D63E1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A989624-C8E3-4D05-939E-0767B24A4FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7897D98D-87D9-4EBA-9CE6-9157420FC921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF79A11-5E29-4F65-828F-60B8AD07418D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD5B9D9-F244-4D46-9295-160A1FD11093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FACDE9-9E5C-4E0B-B741-826C5009DC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A09C78D-1AB0-414E-9AD8-B6D3D3C0E6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA182C1-F202-4597-892B-9D282944F197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CED955-9381-4D75-872C-4A9116BA2287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D1493E-5DB4-47BF-9687-D8B1F4F9F9C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D930C1-E319-4280-A699-9212689246C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17864E93-1E1C-40B8-8C42-6FEA85493A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F201B4-283C-4DE2-8C58-BDA1A544CBCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E24264-626A-420B-99D5-FEC3CD6E87DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3F00D7-7A38-4BD3-A906-A9353C04B1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC584D2-A001-455D-B525-CD6431489E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D367806E-9664-423B-9DC7-102949BEDABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A8AB823-1D53-48CB-BB45-7928C282871D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF4BC36-DEE3-4E27-932B-12DC3FBD6F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2792495C-C97D-4F01-A682-54F2F6028855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A895EF05-7C7A-4695-AACA-F6D3985B0CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10012CF-CECE-4FF3-80AF-6BE451CF9670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C80B20A-C551-4F58-A7CD-BF92AD614A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E701D21-912D-4338-91AE-A56F114EA653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FE217A0-A7E3-4403-BE5D-E4170752341B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDC9BFF6-0D19-4299-846E-A81A949E2BDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D11963-1098-429E-8191-B42AA7D00887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A275DDC1-D2B8-4C4F-A5C6-D8631832E8E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFF675C-3FCC-466F-A8CE-9E17F39895D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A1D8AE-7559-40D0-B71C-AD88ADC59900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0A177EC-7BC0-46D6-9851-4A9D9E2F6DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F58CA26-237D-45C4-ACF5-51302797B38A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E25C09-FF39-4180-9B19-697EE8B01EE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "41B22D3E-385E-424C-97FD-C9891730E5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FF7B6B-F12D-4EF5-87AB-8C16FCC66D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "54429AF8-AF48-429F-9EBD-F79EC71B54B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD8433B-E530-4244-BC0E-668190A9EFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAADC039-FFD2-43E8-AA97-D93A9CDDCE2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "48468AB9-8D98-4AE9-A284-B847D007C6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "B13CCD80-B55D-4FE3-8FDD-5051AB55F8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CED617-A0EB-4003-AADE-B8B80281B679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE54C1F8-4066-41ED-A692-28A4E8A0DB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "44396580-4842-4BE3-B84D-E3878210D5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98534011-D3D8-4202-8821-F5691B40D978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F75A9B9-E967-494F-8257-B0A3571D3D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3F022A-B8CD-4696-8363-23287E5A7691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F4D9E0C-3F85-4668-B935-B3201A1EB19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "86267EB7-D754-4BE4-8698-908E20E100B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "473FFA52-32D0-44B6-BD80-1F41A172C2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "A053AB4E-FB4A-48A1-95CA-5C10029919AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE1F7B3-DBD9-42E8-90B5-33A000713816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC23211-5826-4CB8-A68E-1C7F5CF30BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "41947A86-4173-495F-A44E-2D1A737CA1E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "767B61BF-7E8E-4867-9336-2F24C71D1637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "9654CC51-6CD8-4D58-B4F3-AD47FAE3D76E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E635FEB-A1C1-4246-8FBA-50109E5B8506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2862792-6768-4EDB-9A38-377A136593D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil\u0027s Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n soap_get en Genivia gSOAP, en versiones 2.7.x y 2.8.x anteriores a la 2.8.48, como se utilizaba en las c\u00e1maras y otros dispositivos de Axis, permite que atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en pila y cierre inesperado de la aplicaci\u00f3n) mediante un documento XML de gran tama\u00f1o. Esto tambi\u00e9n se conoce como Devil\u0027s Ivy. Nota: el documento de gran tama\u00f1o ser\u00eda bloqueado por m\u00faltiples configuraciones de servidores web comunes en ordenadores de uso general."
    }
  ],
  "id": "CVE-2017-9765",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-20T00:29:00.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.senr.io/devilsivy.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99868"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472807"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049348"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://blog.senr.io/devilsivy.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.