Red Hat Bugzilla – Bug 1472807
CVE-2017-9765 gsoap: Stack-based buffer overflow when receiving XML message with size larger than 2GB
Last modified: 2017-07-20 03:28:45 EDT
A buffer overflow can cause an open unsecured server to crash after a 2GB XML message is received (greater than 2147483711 bytes are needed to trigger the software bug). Fortunately, the overflowing data after 2GB is cleaned up in the buffer, which means that the chances of exploiting this flaw (by injecting code) are significantly reduced in the gSOAP versions affected.
Created gsoap tracking bugs for this issue:
Affects: epel-all [bug 1472808]
Affects: fedora-all [bug 1472809]