CVE-2007-0157 | Vulnerability Database | Aqua Security

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

Affected Software

Name	Vendor	Start Version	End Version
Neon	Neon	0.26.0 (including)	0.26.0 (including)
Neon	Neon	0.26.1 (including)	0.26.1 (including)
Neon	Neon	0.26.2 (including)	0.26.2 (including)
Cadaver	Ubuntu	dapper	*
Cadaver	Ubuntu	devel	*
Cadaver	Ubuntu	edgy	*
Cadaver	Ubuntu	feisty	*
Cadaver	Ubuntu	gutsy	*
Cadaver	Ubuntu	hardy	*
Cadaver	Ubuntu	intrepid	*
Cadaver	Ubuntu	jaunty	*
Cadaver	Ubuntu	karmic	*
Neon26	Ubuntu	devel	*
Neon26	Ubuntu	feisty	*
Neon26	Ubuntu	gutsy	*
Neon26	Ubuntu	hardy	*
Neon26	Ubuntu	intrepid	*
Neon26	Ubuntu	jaunty	*
Neon26	Ubuntu	karmic	*

References

http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723%3Bmsg=5%3Batt=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html
http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
http://osvdb.org/39247
http://secunia.com/advisories/23751
http://secunia.com/advisories/23763
http://secunia.com/advisories/23984
http://www.mandriva.com/security/advisories?name=MDKSA-2007:013
http://www.novell.com/linux/security/advisories/2007_02_sr.html
http://www.securityfocus.com/bid/22035
http://www.vupen.com/english/advisories/2007/0172
http://www.vupen.com/english/advisories/2007/0362
http://www.webdav.org/cadaver/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0157
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html