CVE-2007-0157

Published: 9 January 2007

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

Priority

Status

Package	Release	Status
cadaver Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Released (0.22.5-2)
	hardy	Released (0.22.5-2)
	intrepid	Released (0.22.5-2)
	jaunty	Released (0.22.5-2)
	karmic	Released (0.22.5-2)
	upstream	Needs triage
neon Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	gutsy	Not vulnerable
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	upstream	Needs triage
neon26 Launchpad, Ubuntu, Debian	dapper	Does not exist
	edgy	Does not exist
	feisty	Released (0.26.3-1)
	gutsy	Released (0.26.3-1)
	hardy	Released (0.26.3-1)
	intrepid	Released (0.26.3-1)
	jaunty	Released (0.26.3-1)
	karmic	Released (0.26.3-1)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2007-0157

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading