CVE-2007-2053
CVE-2007-2053 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. EPSS estimates a 6.71% chance of exploitation in the next 30 days.
Description
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Afflib | Afflib | <= 2.2.0 |
References
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
