Raptor RDF Syntax Library Integer Underflow and Heap Read Buffer Overflow Vulnerability

A vulnerability has been identified in the Raptor RDF Syntax Library, specifically in versions through 2.0.16. The issue involves an integer underflow in the URI normalization process when using the Turtle parser. This underflow can be exploited, leading to a heap read buffer overflow.

Impact

Exploitation of the integer underflow vulnerability in the URI normalization function causes a memory corruption issue, where an invalid pointer is freed, potentially leading to a heap-based memory corruption vulnerability.

Reproduction

The vulnerability can be reproduced by using the 'rapper' command-line utility that comes with the Raptor library. The command should specify the Turtle input format and provide a crafted file that triggers the integer underflow. This can be done by creating a file with specific URI references that, when parsed, cause the underflow in the 'raptor_uri_normalize_path()' function. The AddressSanitizer (ASAN) build of 'rapper' will show the underflow error more clearly.

Remediation

Users can update to Raptor RDF Syntax Library version 2.0.16-6, which addresses both the integer underflow and the heap read buffer overflow vulnerabilities.