Vulnerability Details CVE-2007-2053
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.191
EPSS Ranking 95.1%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/35613
- http://osvdb.org/35614
- http://osvdb.org/35615
- http://securityreason.com/securityalert/2655
- http://www.securityfocus.com/archive/1/467038/100/0/threaded
- http://www.securityfocus.com/bid/23695
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33961
- http://osvdb.org/35613
- http://osvdb.org/35614
- http://osvdb.org/35615
- http://securityreason.com/securityalert/2655
- http://www.securityfocus.com/archive/1/467038/100/0/threaded
- http://www.securityfocus.com/bid/23695
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33961