Published:2017/07/20  Last Updated:2020/08/27

JVNVU#98807587
gSOAP vulnerable to stack-based buffer overflow

Overview

gSOAP library contains a stack-based buffer overflow vulnerability. Processing a crafted SOAP message sent by a remote attacker may result in code execution.

Products Affected

  • gSOAP versions prior to 2.8.48

Description

gSOAP library provided by Genivia contains a stack-based buffer overflow(CWE-121).

Impact

Processing a crafted SOAP message sent by a remote attacker may result in code execution.

Solution

Update to the latest version
Update to the latest version according to the information provided by the developer.

The developer released gSOAP version 2.8.48 on June 21th, 2017, to fix this vulnerability.

Vendor Status

Vendor Status Last Update Vendor Notes
JT Engineering inc. Not Vulnerable 2020/08/25
NEC Corporation Vulnerable 2020/02/14
Vendor Link
Genivia Security advisory: CVE-2017-9765 bug in certain versions of gSOAP_2.7 up to 2.8.47 (June 21, 2017)
RedHat Bug 1472807 - (CVE-2017-9765) CVE-2017-9765 gsoap: Stack-based buffer overflow when receieving XML message with size larger than 2GB
SUSE Bug 1049348 - (CVE-2017-9765) VUL-0: CVE-2017-9765: gsoap stack buffer overflow vulnerability could lead to remote execution

References

  1. Senrio
    Senrio Blog - Devil's Ivy: Flaw in Widely Used Third-party Code Impacts Millions
  2. Senrio
    Devil's Ivy

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score: 7.3
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score: 7.5
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Comment

This evaluation assumes a server accepts SOAP messages without authentication.

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2017-9765
JVN iPedia

Update History

2020/02/19
NEC Corporation update status
2020/08/27
JT Engineering inc. update status