- Description
- Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
- Hype score
- Not currently trending
- Red Hat: Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neon:neon:0.26.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CA5EF13-02E0-414E-8076-9E8CF8791C61"
},
{
"criteria": "cpe:2.3:a:neon:neon:0.26.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2538986-65F3-4E52-BD74-E31728B14A45"
},
{
"criteria": "cpe:2.3:a:neon:neon:0.26.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D48115F0-4B06-4C4C-8969-7F0518C46257"
}
],
"operator": "OR"
}
]
}
]