A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gsoap | Genivia | 2.8.107 (including) | 2.8.107 (including) |
| Gsoap | Ubuntu | bionic | * |
| Gsoap | Ubuntu | groovy | * |
| Gsoap | Ubuntu | hirsute | * |
| Gsoap | Ubuntu | impish | * |
| Gsoap | Ubuntu | kinetic | * |
| Gsoap | Ubuntu | lunar | * |
| Gsoap | Ubuntu | mantic | * |
| Gsoap | Ubuntu | trusty | * |
| Gsoap | Ubuntu | xenial | * |