CVE-2007-0157
Published Jan 9, 2007
Last updated a year ago
Overview
- Description
- Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- Red Hat: Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package.
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:neon:neon:0.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA5EF13-02E0-414E-8076-9E8CF8791C61" },
          { "criteria": "cpe:2.3:a:neon:neon:0.26.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2538986-65F3-4E52-BD74-E31728B14A45" },
          { "criteria": "cpe:2.3:a:neon:neon:0.26.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D48115F0-4B06-4C4C-8969-7F0518C46257" }
        ],
        "operator": "OR"
      }
    ]
  }
]