Neon LibNeon Non-Ascii Character URI Data Denial Of Service Vulnerability

Bugtraq ID:	22035
Class:	Design Error
CVE:	CVE-2007-0157
Remote:	Yes
Local:	No
Published:	Jan 12 2007 12:00AM
Updated:	Jan 29 2007 07:38PM
Credit:	Laszlo Boszormenyi discovered this issue.
Vulnerable:	S.u.S.E. openSUSE 10.2 Neon Client Library 0.26.2 Neon Client Library 0.26.1 Neon Client Library 0.26 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 Cadaver WebDAV Client 0.22.4
Not Vulnerable:	Neon Client Library 0.26.3 Cadaver WebDAV Client 0.22.5

Neon LibNeon Non-Ascii Character URI Data Denial Of Service Vulnerability

The Neon Library is prone to a remote denial-of-service vulnerability.

This issue occurs when parsing URI data containing non-ASCII characters.

An attacker can exploit this vulnerability to crash the library, effectively denying service to legitimate users.

Versions 0.26 to 0.26.2 are vulnerable; other versions may also be affected.

NOTE: Only 64-bit systems are affected.

Neon LibNeon Non-Ascii Character URI Data Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Neon LibNeon Non-Ascii Character URI Data Denial Of Service Vulnerability

References:

• [cadaver] release 0.22.5 (Cadaver)
  
• Cadaver Home Page (Cadaver)
  
• Neon Web Site (Neon)