CVE-2007-2053 - Vulnerability Details - OpenCVE

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.14872.

Key SSVC decision points have not yet been added.

Vendors	Products
Afflib	Afflib

Configuration 1 [-]

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/35613
http://osvdb.org/35614
http://osvdb.org/35615
http://securityreason.com/securityalert/2655
http://www.securityfocus.com/archive/1/467038/100/0/threaded
http://www.securityfocus.com/bid/23695
http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33961

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00

Updated: 2024-08-07T13:23:50.423Z

Reserved: 2007-04-16T00:00:00

Link: CVE-2007-2053

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-30T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2053

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2053", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2655", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "refsource": "OSVDB", "url": "http://osvdb.org/35613"}, {"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt", "refsource": "MISC", "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "refsource": "OSVDB", "url": "http://osvdb.org/35614"}, {"name": "35615", "refsource": "OSVDB", "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23695"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.423Z"}, "title": "CVE Program Container", "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23695"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2053", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-16T00:00:00", "dateUpdated": "2024-08-07T13:23:50.423Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en AFFLIB before 2.2.6 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un valor largo LastModified en una respuesta S3 XML en lib/s3.cpp; (2) una larga (a) ruta \u00f3(b) contenedor (bucket) en una URL S3 en lib/vnode_s3.cpp; \u00f3 (3) una larga (c) EFW, (d) AFD, \u00f3 (c) ruta de imagen aimage. \r\nNOTA: El vector aimage (3c) ha sido retirado del aviso original del investigador, dado que el c\u00f3digo no se invoca en ninguna versi\u00f3n de AFFLIB."}], "evaluatorSolution": "The vendor has addressed this issue through a product update:\r\nhttp://www.afflib.org/downloads/\r\n", "id": "CVE-2007-2053", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35613"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35614"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35615"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2655"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23695"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}