{"id":"CVE-2017-9765","details":"Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.","modified":"2026-04-16T06:20:32.329489718Z","published":"2017-07-20T00:29:00.463Z","related":["openSUSE-SU-2024:10825-1"],"references":[{"type":"ADVISORY","url":"https://www.genivia.com/advisory.html#Security_advisory:_CVE-2017-9765_bug_in_certain_versions_of_gSOAP_2.7_up_to_2.8.47_%28June_21%2C_2017%29"},{"type":"ADVISORY","url":"https://www.genivia.com/changelog.html#Version_2.8.48_upd_%2806/21/2017%29"},{"type":"ADVISORY","url":"http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99868"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472807"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1049348"},{"type":"EVIDENCE","url":"http://blog.senr.io/devilsivy.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.16"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7.17"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.15"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.16"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.17"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.18"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.19"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.20"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.21"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.22"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.23"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.24"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.25"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.26"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.27"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.28"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.29"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.30"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.31"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.32"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.33"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.34"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.35"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.36"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.37"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.38"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.39"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.40"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.41"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.42"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.43"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.44"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.45"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.46"}]},{"events":[{"introduced":"0"},{"last_affected":"2.8.47"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9765.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}