CVE-2017-5522

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.3:*:*:*:*:*:*:*

History

07 Jun 2021, 15:56

Type Values Removed Values Added
CPE cpe:2.3:a:umn:mapserver:7.0.0:b1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:*:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:*:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:*:*:*:*:*:*:*

01 Jun 2021, 14:03

Type Values Removed Values Added
CPE cpe:2.3:a:umn:mapserver:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:7.0.0:b2:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:b4:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:umn:mapserver:6.2.0:b3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta4:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:osgeo:mapserver:7.0.3:*:*:*:*:*:*:*

Information

Published : 2017-03-15 16:59

Updated : 2024-02-04 19:11


NVD link : CVE-2017-5522

Mitre link : CVE-2017-5522

CVE.ORG link : CVE-2017-5522


JSON object : View

Products Affected

osgeo

  • mapserver

debian

  • debian_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer