{"affected_release": [
{"advisory": "RHSA-2025:0319", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "raptor2-0:2.0.9-5.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0314", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "raptor2-0:2.0.15-17.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0315", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "raptor2-0:2.0.15-17.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0313", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "raptor2-0:2.0.15-17.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0313", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "raptor2-0:2.0.15-17.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0313", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "raptor2-0:2.0.15-17.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0326", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "raptor2-0:2.0.15-17.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-15T00:00:00Z"},
{"advisory": "RHSA-2025:0326", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "raptor2-0:2.0.15-17.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-15T00:00:00Z"},
{"advisory": "RHSA-2025:0326", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "raptor2-0:2.0.15-17.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-15T00:00:00Z"},
{"advisory": "RHSA-2025:0318", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "raptor2-0:2.0.15-17.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0312", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "raptor2-0:2.0.15-32.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0311", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "raptor2-0:2.0.15-31.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0310", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "raptor2-0:2.0.15-31.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-14T00:00:00Z"},
{"advisory": "RHSA-2025:0316", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "raptor2-0:2.0.15-31.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-14T00:00:00Z"}],
"bugzilla": {"description": "raptor: integer underflow when normalizing a URI with the turtle parser", "id": "2336921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336921"},
"csaw": false,
"cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "verified"},
"cwe": "CWE-191",
"details": ["In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().", "A flaw was found in the Raptor RDF syntax library (librdf). An integer underflow condition may be triggered when normalizing a URI with the turtle parser. This issue could cause memory corruption or an application crash, leading to a denial of service or other undefined behavior."],
"mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."},
"name": "CVE-2024-57823",
"package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "raptor", "product_name": "Red Hat Enterprise Linux 6"}],
"public_date": "2025-01-10T00:00:00Z",
"references": ["https://www.cve.org/CVERecord?id=CVE-2024-57823\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57823\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896\nhttps://github.com/dajobe/raptor/issues/70\nhttps://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md"],
"statement": "This vulnerability in the Raptor RDF syntax library (librdf) is marked as \nimportant severity rather than moderate due to the potential for memory corruption resulting from the integer underflow condition. Memory corruption can lead to application crashes, creating a reliable vector for denial-of-service (DoS) attacks, and, in certain cases, could be exploited to achieve arbitrary code execution, depending on how memory is manipulated. Given that the Turtle parser is commonly used for processing external RDF data, the vulnerability increases the attack surface for applications that handle untrusted or user-supplied input.",
"threat_severity": "Important"}