CVE-2007-2053 - Vulnerability Details - OpenCVE

Description

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

Published: 2007-04-30

Score: 10.0 Critical

EPSS: 20.5% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.20461.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://osvdb.org/35613
http://osvdb.org/35614
http://osvdb.org/35615
http://securityreason.com/securityalert/2655
http://www.securityfocus.com/archive/1/467038/100/0/threaded
http://www.securityfocus.com/bid/23695
http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/33961

History

No history.

Subscriptions

Afflib Afflib

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00.000Z

Updated: 2024-08-07T13:23:50.423Z

Reserved: 2007-04-16T00:00:00.000Z

Link: CVE-2007-2053

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-30T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2053

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23695"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2053", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2655", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "refsource": "OSVDB", "url": "http://osvdb.org/35613"}, {"name": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt", "refsource": "MISC", "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "refsource": "OSVDB", "url": "http://osvdb.org/35614"}, {"name": "35615", "refsource": "OSVDB", "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23695"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.423Z"}, "title": "CVE Program Container", "references": [{"name": "2655", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2655"}, {"name": "35613", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35613"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"name": "35614", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35614"}, {"name": "35615", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35615"}, {"name": "afflib-multiple-bo(33961)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"name": "20070427 AFFLIB(TM): Multiple Buffer Overflows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"name": "23695", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23695"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2053", "datePublished": "2007-04-30T22:00:00.000Z", "dateReserved": "2007-04-16T00:00:00.000Z", "dateUpdated": "2024-08-07T13:23:50.423Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*", "matchCriteriaId": "A201CC59-48F8-4FA9-B17E-00D75CF41235", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en AFFLIB before 2.2.6 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un valor largo LastModified en una respuesta S3 XML en lib/s3.cpp; (2) una larga (a) ruta \u00f3(b) contenedor (bucket) en una URL S3 en lib/vnode_s3.cpp; \u00f3 (3) una larga (c) EFW, (d) AFD, \u00f3 (c) ruta de imagen aimage. \r\nNOTA: El vector aimage (3c) ha sido retirado del aviso original del investigador, dado que el c\u00f3digo no se invoca en ninguna versi\u00f3n de AFFLIB."}], "evaluatorSolution": "The vendor has addressed this issue through a product update:\r\nhttp://www.afflib.org/downloads/\r\n", "id": "CVE-2007-2053", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35613"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35614"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35615"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2655"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23695"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467038/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vsecurity.com/bulletins/advisories/2007/afflib-overflows.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33961"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}