CVE-2024-57823
Published: 10 January 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2024-57823 is an integer underflow vulnerability (CWE-191) affecting the Raptor RDF Syntax Library through version 2.0.16. The flaw occurs in the Turtle parser during URI normalization in the raptor_uri_normalize_path() function. It carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts.
A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Exploitation changes the scope and can result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise on affected systems processing malicious Turtle input.
Advisories and related resources include a Debian bug report at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896, a GitHub issue tracking the problem at https://github.com/dajobe/raptor/issues/70, a fuzzing proof-of-concept at https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md, and a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/10/msg00023.html, which provide details on patches and mitigations.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integer underflow in URI normalization and heap buffer overflow in parsers enable potential code execution via client-side exploitation (T1203) or application denial-of-service (T1499.004).