CVE-2007-0157
Mandriva Linux Security Advisory 2007.013
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
Error de índice de array en la función uri_lookup del intérprete de URI para neon 0.26.0 hasta 0.26.2, posiblemente sólo en plataformas de 54 bits, permite a servidores remotos maliciosos provocar una denegación de servicio (caída) mediante un URI con caracteres no-ASCII, lo que dispara una lectura de búfer por debajo del límite inferior debido a un error de conversión de tipos que genera un índice negativo.
An array index error in the URI parser in neon 0.26.0 to 0.26.2 could possibly allow remote malicious servers to cause a crash via a URI with non-ASCII characters. This vulnerability may only exist on 64bit systems.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-09 CVE Reserved
- 2007-01-09 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2 | X_refsource_confirm | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 | X_refsource_confirm | |
| http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html | Mailing List | |
| http://mailman.webdav.org/pipermail/neon/2007-January/002362.html | Mailing List | |
| http://osvdb.org/39247 | Vdb Entry | |
| http://secunia.com/advisories/23751 | Third Party Advisory | |
| http://secunia.com/advisories/23763 | Third Party Advisory | |
| http://secunia.com/advisories/23984 | Third Party Advisory | |
| http://www.securityfocus.com/bid/22035 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0172 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0362 | Vdb Entry | |
| http://www.webdav.org/cadaver | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:013 | 2023-11-07 | |
| http://www.novell.com/linux/security/advisories/2007_02_sr.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Neon Search vendor "Neon" | Neon Search vendor "Neon" for product "Neon" | 0.26.0 Search vendor "Neon" for product "Neon" and version "0.26.0" | - |
Affected
| ||||||
| Neon Search vendor "Neon" | Neon Search vendor "Neon" for product "Neon" | 0.26.1 Search vendor "Neon" for product "Neon" and version "0.26.1" | - |
Affected
| ||||||
| Neon Search vendor "Neon" | Neon Search vendor "Neon" for product "Neon" | 0.26.2 Search vendor "Neon" for product "Neon" and version "0.26.2" | - |
Affected
| ||||||