Home > Vulnerability Database > CVE-2017-5522

Mend.io Vulnerability Database

CVE-2017-5522

Date: March 15, 2017

Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

Language: C

Severity Score

9.8

Related Resources (10)

Url: http://www.mapserver.org/development/changelog/changelog-6-0-6.html#changelog-6-0-6

Url: http://www.debian.org/security/2017/dsa-3766

Url: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html

Url: http://www.mapserver.org/development/changelog/changelog-7-0.html#changelog-7-0-4

Url: http://www.mapserver.org/development/changelog/changelog-6-2-4.html#changelog-6-2-4

Url: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-5522

Url: http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-5

Url: https://security-tracker.debian.org/tracker/CVE-2017-5522

Url: https://www.mend.io/vulnerability-database/CVE-2017-5522

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-5522

Date: March 15, 2017

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?