CVE-2007-0157

Name of the Vulnerable Software and Affected Versions neon versions 0.26.0 through 0.26.2

Description The issue is related to an array index error in the uri lookup function within the URI parser. This error can be triggered by a remote malicious server sending a URI with non-ASCII characters, potentially causing a denial of service (crash) due to a buffer under-read. The problem arises from a type conversion error that results in a negative index.

Recommendations For neon versions 0.26.0 through 0.26.2, consider updating to a version that fixes the array index error in the uri lookup function to prevent potential denial of service attacks.