Home > Vulnerability Database > WS-2017-3803

Mend.io Vulnerability Database

WS-2017-3803

Good to know:

Date: June 9, 2017

In OSGeo GDAL, versions 1.9.0 through 2.1.3 and 2.2.0 are vulnerable to heap-based buffer overflow, due to “iOutBufPtr” exceeding its designated length without validation.

Language: C

Severity Score

7.5

Related Resources (4)

Url: https://github.com/OSGeo/gdal/commit/3f563fb88c66ef0e8baace7b1077d30eda377901

Url: https://github.com/osgeo/gdal/commit/e1c57707c49dd8d2425e1393fc5b4fd6169d0347

Url: https://github.com/OSGeo/gdal/commit/3922f13580c99607dfe62c317b21bf299fbf7c6a

Url: https://www.mend.io/vulnerability-database/WS-2017-3803

Severity Score

7.5

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version v2.1.4,v2.2.1,v2.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2017-3803

Good to know:

Date: June 9, 2017

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?