PT-2007-3396 · Afflib · Afflib

Timothy D. Morgan · Published 2007-04-30 · Updated 2018-10-16 · CVE-2007-2053

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AFFLIB versions prior to 2.2.6

Description

The issue is caused by multiple stack-based buffer overflows, which can lead to a denial of service (crash) or possibly allow remote attackers to execute arbitrary code. The overflows can be triggered in several ways, including a long LastModified value in an S3 XML response, a long path or bucket in an S3 URL, or long EFW, AFD, or certain file paths.

Recommendations

For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/s3.cpp and lib/vnode_s3.cpp components to minimize the risk of exploitation. Avoid using long values for LastModified, path, bucket, EFW, AFD, or file paths in affected API endpoints until the issue is resolved.

Fix


Related Identifiers

CVE-2007-2053

Affected Products

Afflib