Computer Security
[EN] securityvulns.ru
no-pyccku

  

libneon array index overflow
Published:15.01.2007
Source:
SecurityVulns ID:7052
Type:library
Threat Level:
5/10
Description:Index overflow on URI parsing with non-ASCII characters in 64-bit systems.
Affected:neon : libneon 0.26
CVE:CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.)
 CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.)
Original documentdocumentMANDRAKE, [ MDKSA-2007:013 ] - Updated libneon0.26 packages fix vulnerability (15.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru