CVE-2007-0157 (GCVE-0-2007-0157)
Vulnerability from cvelistv5
Published: 2007-01-09 21:00
Modified: 2024-08-07 12:12
Severity: ?
CWE: n/a
Summary
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
References
cve@mitre.org http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2
cve@mitre.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
cve@mitre.org http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html
cve@mitre.org http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
cve@mitre.org http://osvdb.org/39247
cve@mitre.org http://secunia.com/advisories/23751
cve@mitre.org http://secunia.com/advisories/23763
cve@mitre.org http://secunia.com/advisories/23984
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:013
cve@mitre.org http://www.novell.com/linux/security/advisories/2007_02_sr.html
cve@mitre.org http://www.securityfocus.com/bid/22035
cve@mitre.org http://www.vupen.com/english/advisories/2007/0172
cve@mitre.org http://www.vupen.com/english/advisories/2007/0362
cve@mitre.org http://www.webdav.org/cadaver/
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2
af854a3a-2127-422b-91ae-364da2661108 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
af854a3a-2127-422b-91ae-364da2661108 http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html
af854a3a-2127-422b-91ae-364da2661108 http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/39247
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23751
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23763
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/23984
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:013
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2007_02_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/22035
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/0172
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/0362
af854a3a-2127-422b-91ae-364da2661108 http://www.webdav.org/cadaver/
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:16.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23984"
          },
          {
            "name": "[neon] 20070107 invalid chars cause sigserv in neon",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.webdav.org/pipermail/neon/2007-January/002362.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webdav.org/cadaver/"
          },
          {
            "name": "[cadaver] 20070123 release 0.22.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html"
          },
          {
            "name": "MDKSA-2007:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723"
          },
          {
            "name": "SUSE-SR:2007:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
          },
          {
            "name": "22035",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22035"
          },
          {
            "name": "ADV-2007-0172",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0172"
          },
          {
            "name": "23763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23763"
          },
          {
            "name": "ADV-2007-0362",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0362"
          },
          {
            "name": "23751",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23751"
          },
          {
            "name": "39247",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/39247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-01-19T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "23984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23984"
        },
        {
          "name": "[neon] 20070107 invalid chars cause sigserv in neon",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.webdav.org/pipermail/neon/2007-January/002362.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webdav.org/cadaver/"
        },
        {
          "name": "[cadaver] 20070123 release 0.22.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html"
        },
        {
          "name": "MDKSA-2007:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723"
        },
        {
          "name": "SUSE-SR:2007:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
        },
        {
          "name": "22035",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22035"
        },
        {
          "name": "ADV-2007-0172",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0172"
        },
        {
          "name": "23763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23763"
        },
        {
          "name": "ADV-2007-0362",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0362"
        },
        {
          "name": "23751",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23751"
        },
        {
          "name": "39247",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/39247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0157",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "23984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23984"
            },
            {
              "name": "[neon] 20070107 invalid chars cause sigserv in neon",
              "refsource": "MLIST",
              "url": "http://mailman.webdav.org/pipermail/neon/2007-January/002362.html"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2"
            },
            {
              "name": "http://www.webdav.org/cadaver/",
              "refsource": "CONFIRM",
              "url": "http://www.webdav.org/cadaver/"
            },
            {
              "name": "[cadaver] 20070123 release 0.22.5",
              "refsource": "MLIST",
              "url": "http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html"
            },
            {
              "name": "MDKSA-2007:013",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:013"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723"
            },
            {
              "name": "SUSE-SR:2007:002",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
            },
            {
              "name": "22035",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22035"
            },
            {
              "name": "ADV-2007-0172",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0172"
            },
            {
              "name": "23763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23763"
            },
            {
              "name": "ADV-2007-0362",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0362"
            },
            {
              "name": "23751",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23751"
            },
            {
              "name": "39247",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/39247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0157",
    "datePublished": "2007-01-09T21:00:00",
    "dateReserved": "2007-01-09T00:00:00",
    "dateUpdated": "2024-08-07T12:12:16.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0157\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-09T21:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.\"},{\"lang\":\"es\",\"value\":\"Error de \u00edndice de array en la funci\u00f3n uri_lookup del int\u00e9rprete de URI para neon 0.26.0 hasta 0.26.2, posiblemente s\u00f3lo en plataformas de 54 bits, permite a servidores remotos maliciosos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un URI con caracteres no-ASCII, lo que dispara una lectura de b\u00fafer por debajo del l\u00edmite inferior debido a un error de conversi\u00f3n de tipos que genera un \u00edndice 
negativo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neon:neon:0.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CA5EF13-02E0-414E-8076-9E8CF8791C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neon:neon:0.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2538986-65F3-4E52-BD74-E31728B14A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neon:neon:0.26.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48115F0-4B06-4C4C-8969-7F0518C46257\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mailman.webdav.org/pipermail/neon/2007-January/002362.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/39247\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23751\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23763\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23984
\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:013\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22035\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0172\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0362\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.webdav.org/cadaver/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mailman.webdav.org/pipermail/neon/2007-January/002362.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/39247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/23984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_02_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0172\",\"source\":\"af854a3a-2127-422b-
91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.webdav.org/cadaver/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable.  This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4.  This issue also does not affect the older versions of neon included in the cadaver package.\",\"lastModified\":\"2007-01-15T00:00:00\"}]}}"
  }
}

