Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-04-30T22:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-04-16T00:00:00
Link: CVE-2007-2053
JSON object: View
NVD Information
Status : Modified
Published: 2007-04-30T22:19:00.000
Modified: 2018-10-16T16:41:46.130
Link: CVE-2007-2053
JSON object: View
Redhat Information
No data.
CWE