CVE-2024-57823

CriticalPublic PoC

Published: 10 January 2025

Published

10 January 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0004 12.1th percentile

Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57823 is a critical-severity Wrap or Wraparound (CWE-191) vulnerability in Librdf Raptor Rdf Syntax Library. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely remediation of flaws, directly preventing exploitation of the integer underflow in Raptor RDF library's URI normalization by applying vendor patches.

SI-10 Information Input Validation partial match

prevent

SI-10 enforces validation of inputs to the Turtle parser, reducing the risk of crafted URIs triggering the integer underflow during path normalization.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

RA-5 mandates vulnerability scanning to identify systems using vulnerable versions of the Raptor RDF library affected by CVE-2024-57823.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Integer underflow in URI normalization and heap buffer overflow in parsers enable potential code execution via client-side exploitation (T1203) or application denial-of-service (T1499.004).

NVD Description

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

Deeper analysisAI

CVE-2024-57823 is an integer underflow vulnerability (CWE-191) affecting the Raptor RDF Syntax Library through version 2.0.16. The flaw occurs in the Turtle parser during URI normalization in the raptor_uri_normalize_path() function. It carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts.

A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Exploitation changes the scope and can result in high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise on affected systems processing malicious Turtle input.

Advisories and related resources include a Debian bug report at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896, a GitHub issue tracking the problem at https://github.com/dajobe/raptor/issues/70, a fuzzing proof-of-concept at https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md, and a Debian LTS announcement at https://lists.debian.org/debian-lts-announce/2025/10/msg00023.html, which provide details on patches and mitigations.