CVE-2007-0157

Publication date 9 January 2007

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
cadaver 9.10 karmic
Fixed 0.22.5-2
9.04 jaunty
Fixed 0.22.5-2
8.10 intrepid
Fixed 0.22.5-2
8.04 LTS hardy
Fixed 0.22.5-2
7.10 gutsy
Fixed 0.22.5-2
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
neon 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
neon26 9.10 karmic
Fixed 0.26.3-1
9.04 jaunty
Fixed 0.26.3-1
8.10 intrepid
Fixed 0.26.3-1
8.04 LTS hardy
Fixed 0.26.3-1
7.10 gutsy
Fixed 0.26.3-1
7.04 feisty
Fixed 0.26.3-1
6.10 edgy Not in release
6.06 LTS dapper Not in release